URL: https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/
Submission: On October 27 via api from PL

Summary

This website contacted 7 IPs in 3 countries across 6 domains to perform 50 HTTP transactions. The main IP is 162.241.248.14, located in Brooklyn, United States and belongs to UNIFIEDLAYER-AS-1, US. The main domain is decoded.avast.io.
TLS certificate: Issued by Let's Encrypt Authority X3 on October 26th 2020. Valid for: 3 months.
This is the only time decoded.avast.io was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Requests  Domain                      Requested by
29        decoded.avast.io            decoded.avast.io
6         lh6.googleusercontent.com   decoded.avast.io
5         lh3.googleusercontent.com   decoded.avast.io
3         lh4.googleusercontent.com   decoded.avast.io
3         www.google-analytics.com    decoded.avast.io, www.google-analytics.com
2         fonts.gstatic.com           fonts.googleapis.com
1         stats.g.doubleclick.net     www.google-analytics.com
1         fonts.googleapis.com        decoded.avast.io
Total: 50 requests, 8 subdomains

This site contains links to these domains. Also see Links.

Domain
avast.io
www.avast.com
blog.avast.com
www.conceiva.com
github.com
www.qt.io
gchq.github.io
wordpress.org
Subject                   Issuer                       Validity                  Valid for   Source
www.decoded.avast.io      Let's Encrypt Authority X3   2020-10-26 - 2021-01-24   3 months    crt.sh
upload.video.google.com   GTS CA 1O1                   2020-10-06 - 2020-12-29   3 months    crt.sh
*.google-analytics.com    GTS CA 1O1                   2020-10-06 - 2020-12-29   3 months    crt.sh
*.googleusercontent.com   GTS CA 1O1                   2020-10-06 - 2020-12-29   3 months    crt.sh
*.gstatic.com             GTS CA 1O1                   2020-10-06 - 2020-12-29   3 months    crt.sh
*.g.doubleclick.net       GTS CA 1O1                   2020-10-06 - 2020-12-29   3 months    crt.sh

This page contains 1 frames:

Primary Page: https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/
Frame ID: EE325206BCB9D654D9344023FA8EF811
Requests: 50 HTTP requests in this frame

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers link /rel="https:\/\/api\.w\.org\/"/i

Overall confidence: 100%
Detected patterns
  • headers link /rel="https:\/\/api\.w\.org\/"/i

Overall confidence: 100%
Detected patterns
  • headers link /rel="https:\/\/api\.w\.org\/"/i

Overall confidence: 100%
Detected patterns
  • headers server /nginx(?:\/([\d.]+))?/i

Page Statistics

Requests: 50
HTTPS: 100 %
IPv6: 86 %
Domains: 6
Subdomains: 8
IPs: 7
Countries: 3
Transfer: 2244 kB
Size: 2712 kB
Cookies: 0

Redirected requests

There were HTTP redirect chains for the following requests:

50 HTTP transactions

Resource  Path  Size  x-fer  Type  MIME-Type
Primary Request /
decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/
145 KB
51 KB
Document
General
Full URL
https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
162.241.248.14 Brooklyn, United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
wp2.bluehost.com
Software
nginx/1.19.0 /
Resource Hash
e9aeefb16b3c0ef2afed8d77e52fcd696b92264c5ed8d897896b57efe63da01c

Request headers

:method
GET
:authority
decoded.avast.io
:scheme
https
:path
/janvojtesek/fakembam-backdoor-delivered-through-software-updates/
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status
200
date
Tue, 27 Oct 2020 15:26:50 GMT
server
nginx/1.19.0
content-type
text/html; charset=UTF-8
link
<https://decoded.avast.io/wp-json/>; rel="https://api.w.org/", <https://decoded.avast.io/wp-json/wp/v2/posts/2217>; rel="alternate"; type="application/json", <https://decoded.avast.io/?p=2217>; rel=shortlink
vary
Accept-Encoding
content-encoding
gzip
host-header
d3AuYmx1ZWhvc3QuY29t
x-server-cache
false
style.min.css
decoded.avast.io/wp-includes/css/dist/block-library/
53 KB
10 KB
Stylesheet
General
Full URL
https://decoded.avast.io/wp-includes/css/dist/block-library/style.min.css?ver=5.5.1
Requested by
Host: decoded.avast.io
URL: https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
162.241.248.14 Brooklyn, United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
wp2.bluehost.com
Software
nginx/1.19.0 /
Resource Hash
8c626f0f9b5c109539b256b73e72c02b300a184f46b4535c2eb86599215c78af

Request headers

Referer
https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 27 Oct 2020 15:26:50 GMT
content-encoding
gzip
last-modified
Tue, 01 Sep 2020 23:09:04 GMT
server
nginx/1.19.0
accept-ranges
bytes
x-server-cache
false
vary
Accept-Encoding
content-type
text/css
status
200
host-header
d3AuYmx1ZWhvc3QuY29t
content-length
10450
css
fonts.googleapis.com/
3 KB
550 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Muli%3Aregular%2C900%2C700&ver=1.1.3
Requested by
Host: decoded.avast.io
URL: https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
8d97a7cf891b0c3f0448f17d5319aa621e66755fe12f23cd10b83830c2ac8a12
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
status
200
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Tue, 27 Oct 2020 15:26:50 GMT
server
ESF
date
Tue, 27 Oct 2020 15:26:50 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Tue, 27 Oct 2020 15:26:50 GMT
min.css
decoded.avast.io/wp-content/themes/johannes/assets/css/
180 KB
43 KB
Stylesheet
General
Full URL
https://decoded.avast.io/wp-content/themes/johannes/assets/css/min.css?ver=1.1.3
Requested by
Host: decoded.avast.io
URL: https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
162.241.248.14 Brooklyn, United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
wp2.bluehost.com
Software
nginx/1.19.0 /
Resource Hash
8b7f6b3b98d203b064eeb91445b8bfc6f5bec3a2e7b76af8a23a7cb6cd0d8add

Request headers

Referer
https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 27 Oct 2020 15:26:50 GMT
content-encoding
gzip
last-modified
Mon, 24 Jun 2019 11:19:20 GMT
server
nginx/1.19.0
accept-ranges
bytes
x-server-cache
false
vary
Accept-Encoding
content-type
text/css
status
200
host-header
d3AuYmx1ZWhvc3QuY29t
main.css
decoded.avast.io/wp-content/plugins/meks-easy-social-share/assets/css/
9 KB
2 KB
Stylesheet
General
Full URL
https://decoded.avast.io/wp-content/plugins/meks-easy-social-share/assets/css/main.css?ver=1.2.1
Requested by
Host: decoded.avast.io
URL: https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
162.241.248.14 Brooklyn, United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
wp2.bluehost.com
Software
nginx/1.19.0 /
Resource Hash
a61e94c6cee47c0f689736d8b6d3a8ba98f9501a3e834b2cdedc374e4b88c6cf

Request headers

Referer
https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 27 Oct 2020 15:26:50 GMT
content-encoding
gzip
last-modified
Wed, 17 Jul 2019 11:03:00 GMT
server
nginx/1.19.0
accept-ranges
bytes
x-server-cache
false
vary
Accept-Encoding
content-type
text/css
status
200
host-header
d3AuYmx1ZWhvc3QuY29t
content-length
1995
frontend.min.js
decoded.avast.io/wp-content/plugins/google-analytics-for-wordpress/assets/js/
9 KB
3 KB
Script
General
Full URL
https://decoded.avast.io/wp-content/plugins/google-analytics-for-wordpress/assets/js/frontend.min.js?ver=7.12.2
Requested by
Host: decoded.avast.io
URL: https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
162.241.248.14 Brooklyn, United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
wp2.bluehost.com
Software
nginx/1.19.0 /
Resource Hash
63a6d926d277a3d64d30e349fa0ea2b0630e9801d173e1947ff3bd6060147ef4

Request headers

Referer
https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 27 Oct 2020 15:26:50 GMT
content-encoding
gzip
last-modified
Mon, 10 Aug 2020 23:31:20 GMT
server
nginx/1.19.0
accept-ranges
bytes
x-server-cache
false
vary
Accept-Encoding
content-type
application/javascript
status
200
host-header
d3AuYmx1ZWhvc3QuY29t
content-length
3153
jquery.js
decoded.avast.io/wp-includes/js/jquery/
95 KB
42 KB
Script
General
Full URL
https://decoded.avast.io/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp
Requested by
Host: decoded.avast.io
URL: https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
162.241.248.14 Brooklyn, United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
wp2.bluehost.com
Software
nginx/1.19.0 /
Resource Hash
1db21d816296e6939ba1f42962496e4134ae2b0081e26970864c40c6d02bb1df

Request headers

Referer
https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 27 Oct 2020 15:26:50 GMT
content-encoding
gzip
last-modified
Mon, 24 Jun 2019 11:02:11 GMT
server
nginx/1.19.0
accept-ranges
bytes
x-server-cache
false
vary
Accept-Encoding
content-type
application/javascript
status
200
host-header
d3AuYmx1ZWhvc3QuY29t
analytics.js
www.google-analytics.com/
45 KB
18 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: decoded.avast.io
URL: https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:824::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
60863e86aa7743d1ac841da7f473a05cd57fba81d661cef658e385437f80d5ef
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 09 Sep 2020 01:50:37 GMT
server
Golfe2
age
662
date
Tue, 27 Oct 2020 15:15:48 GMT
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
18650
expires
Tue, 27 Oct 2020 17:15:48 GMT
wp-emoji-release.min.js
decoded.avast.io/wp-includes/js/
14 KB
5 KB
Script
General
Full URL
https://decoded.avast.io/wp-includes/js/wp-emoji-release.min.js?ver=5.5.1
Requested by
Host: decoded.avast.io
URL: https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
162.241.248.14 Brooklyn, United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
wp2.bluehost.com
Software
nginx/1.19.0 /
Resource Hash
8cb438bd4d1961f80ade4f1a295ca7de253630adcdd10473932908e638908c5e

Request headers

Referer
https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 27 Oct 2020 15:26:50 GMT
content-encoding
gzip
last-modified
Tue, 11 Aug 2020 23:34:35 GMT
server
nginx/1.19.0
accept-ranges
bytes
x-server-cache
false
vary
Accept-Encoding
content-type
application/javascript
status
200
host-header
d3AuYmx1ZWhvc3QuY29t
content-length
4950
Asset-22ldpi.png
decoded.avast.io/wp-content/uploads/sites/2/2019/06/
3 KB
3 KB
Image
General
Full URL
https://decoded.avast.io/wp-content/uploads/sites/2/2019/06/Asset-22ldpi.png
Requested by
Host: decoded.avast.io
URL: https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
162.241.248.14 Brooklyn, United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
wp2.bluehost.com
Software
nginx/1.19.0 /
Resource Hash
250fd3e1a88e39683d7798ac68311b15d4dd859903bc8faec08c37c0142f2c72

Request headers

Referer
https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 27 Oct 2020 15:26:51 GMT
last-modified
Thu, 27 Jun 2019 10:05:00 GMT
server
nginx/1.19.0
accept-ranges
bytes
x-server-cache
false
content-type
image/png
status
200
host-header
d3AuYmx1ZWhvc3QuY29t
content-length
3109
EYMmgDsZBnHuIzdKo7GQt5DdYt6l7syDb4q3c1qFhXzhW4qMCp8SuY2yl0csbOzTBRbt-0p5zDqgY5X8BM4SdnQN1b1nSG7neF4-80rOm2-x9HK7ci-S7XagvX8tXUcUJQjwcmb-
lh6.googleusercontent.com/
13 KB
13 KB
Image
General
Full URL
https://lh6.googleusercontent.com/EYMmgDsZBnHuIzdKo7GQt5DdYt6l7syDb4q3c1qFhXzhW4qMCp8SuY2yl0csbOzTBRbt-0p5zDqgY5X8BM4SdnQN1b1nSG7neF4-80rOm2-x9HK7ci-S7XagvX8tXUcUJQjwcmb-
Requested by
Host: decoded.avast.io
URL: https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
c7d69d84702a9288d0b41d02bd6d47180055d6cb47c980dd1f15508c09989529
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 27 Oct 2020 12:49:08 GMT
x-content-type-options
nosniff
age
9462
status
200
content-disposition
inline;filename="arguments.png"
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
12840
x-xss-protection
0
server
fife
etag
"v1"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Thu, 22 Oct 2020 11:04:53 GMT
cbHU0x3fBUqi1YgfRWlagQRLXOHTHMqHGnuSBTpDe64PAbPoW0o-ibdLN4_ERCTNcJHy3AeoeK3ii_0AcsvD1ajXYpI3SFul2PDxlhtrmcvaGew0uOXCITpMSftjcKtsFmHobJbp
lh4.googleusercontent.com/
106 KB
106 KB
Image
General
Full URL
https://lh4.googleusercontent.com/cbHU0x3fBUqi1YgfRWlagQRLXOHTHMqHGnuSBTpDe64PAbPoW0o-ibdLN4_ERCTNcJHy3AeoeK3ii_0AcsvD1ajXYpI3SFul2PDxlhtrmcvaGew0uOXCITpMSftjcKtsFmHobJbp
Requested by
Host: decoded.avast.io
URL: https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
ff9c887eaac88a3776c7275fc3c1b1beb06ca635fbe382636162d2d5a7851a31
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 27 Oct 2020 15:26:51 GMT
x-content-type-options
nosniff
age
0
status
200
content-disposition
inline;filename="netshieldkit.png"
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
108524
x-xss-protection
0
server
fife
etag
"v1"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Tue, 27 Oct 2020 10:27:46 GMT
BDL48tpOHGIIMZk7qTYdfPeMqgBbELLFl_siTyIScI9JbWz9AQflutz_-MnBAN5WJDBp9Yp-FbaYTfBfW2wWJ2QdPyeAgOubhhfHFVIZ8YY1e6HOAHzAJSkI9kA2vtT_DylCdIjg
lh3.googleusercontent.com/
76 KB
76 KB
Image
General
Full URL
https://lh3.googleusercontent.com/BDL48tpOHGIIMZk7qTYdfPeMqgBbELLFl_siTyIScI9JbWz9AQflutz_-MnBAN5WJDBp9Yp-FbaYTfBfW2wWJ2QdPyeAgOubhhfHFVIZ8YY1e6HOAHzAJSkI9kA2vtT_DylCdIjg
Requested by
Host: decoded.avast.io
URL: https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
976119a6256ba5a34502c5e8fad48bdd8993c0193487704d2ed28d54dcb92a60
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 27 Oct 2020 15:26:50 GMT
x-content-type-options
nosniff
age
0
status
200
content-disposition
inline;filename="passive_dns.png"
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
77861
x-xss-protection
0
server
fife
etag
"v1"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Tue, 20 Oct 2020 07:23:12 GMT
6b9lqPtfoR1frEtKWSG_IxLfpmOrOW7aRys8OwP0C6Ej9WMOuMuMZwTLGX2gP3OFiYCc_YXWuJ3XqOj9bYOwMp8L4N3jUV54oCpn_2dhYCqvSqWTdp3LEVigfoZyJ07SFfz9i9rg
lh3.googleusercontent.com/
34 KB
34 KB
Image
General
Full URL
https://lh3.googleusercontent.com/6b9lqPtfoR1frEtKWSG_IxLfpmOrOW7aRys8OwP0C6Ej9WMOuMuMZwTLGX2gP3OFiYCc_YXWuJ3XqOj9bYOwMp8L4N3jUV54oCpn_2dhYCqvSqWTdp3LEVigfoZyJ07SFfz9i9rg
Requested by
Host: decoded.avast.io
URL: https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
4ac781760d8b0bfc4d74d983009b0496ab719902d7147d32e2ca6d62d9e45660
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 27 Oct 2020 15:26:51 GMT
x-content-type-options
nosniff
age
0
status
200
content-disposition
inline;filename="dstudio_adblock.jpeg"
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
34986
x-xss-protection
0
server
fife
etag
"v1"
vary
Origin
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Tue, 27 Oct 2020 10:27:46 GMT
PknKIJM9RaWA85InI-I55xo1QnSFz3h5Ad2Fsr3libh5PD_WhPcHvrHDsGcLTzUtn229jMrky9W6TtNgWrZpzNerIHqvcUn-C5fYK21ZVUnwD2cjuUHsOl58NY_LK9l1j6GZWbuf
lh3.googleusercontent.com/
83 KB
83 KB
Image
General
Full URL
https://lh3.googleusercontent.com/PknKIJM9RaWA85InI-I55xo1QnSFz3h5Ad2Fsr3libh5PD_WhPcHvrHDsGcLTzUtn229jMrky9W6TtNgWrZpzNerIHqvcUn-C5fYK21ZVUnwD2cjuUHsOl58NY_LK9l1j6GZWbuf
Requested by
Host: decoded.avast.io
URL: https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
f9191233f06665045c919afe114da6f2c30675db6d91a2b315990ecb477d3260
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 27 Oct 2020 15:26:51 GMT
x-content-type-options
nosniff
age
0
status
200
content-disposition
inline;filename="dir_compare.png"
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
84867
x-xss-protection
0
server
fife
etag
"v1"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Sat, 24 Oct 2020 15:19:55 GMT
OWW1XLuhPyWqCvpLJAYLEqgxMmkfHFZ5ptMegFwKmczSWSVMADSAkl-PAAdmDp3qNLcxr_13yFUmJkHjH_EF_YVuKHI3uzinCyLzKEy6FUTay83K_gQ45106yrWiRYkOa7kkg5jZ
lh4.googleusercontent.com/
25 KB
25 KB
Image
General
Full URL
https://lh4.googleusercontent.com/OWW1XLuhPyWqCvpLJAYLEqgxMmkfHFZ5ptMegFwKmczSWSVMADSAkl-PAAdmDp3qNLcxr_13yFUmJkHjH_EF_YVuKHI3uzinCyLzKEy6FUTay83K_gQ45106yrWiRYkOa7kkg5jZ
Requested by
Host: decoded.avast.io
URL: https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
57949531fa389d9231049d557aff639a6155565eae5c757b5223b8e24c701005
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 27 Oct 2020 15:26:51 GMT
x-content-type-options
nosniff
age
0
status
200
content-disposition
inline;filename="qtwinextras_bindiff.png"
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
25222
x-xss-protection
0
server
fife
etag
"v1"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Tue, 27 Oct 2020 10:27:46 GMT
-KMnhcFcnIqYH791NxwS5mYZERP0bEgcdCXpE9S8LvL9qmVItZpDfw_VKkqel8uVXJGXxkgc6c6-uIOUvj0bELWSbuPrljqd0uQOfeyBrfsFWtK2-zWFAH_xjfZDLHx77qh_PzcK
lh6.googleusercontent.com/
34 KB
34 KB
Image
General
Full URL
https://lh6.googleusercontent.com/-KMnhcFcnIqYH791NxwS5mYZERP0bEgcdCXpE9S8LvL9qmVItZpDfw_VKkqel8uVXJGXxkgc6c6-uIOUvj0bELWSbuPrljqd0uQOfeyBrfsFWtK2-zWFAH_xjfZDLHx77qh_PzcK
Requested by
Host: decoded.avast.io
URL: https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
e88d693c54a4ebfee33b0ac41924fbacce73ea68cd23d0928d45bafbb4704c01
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 27 Oct 2020 12:49:08 GMT
x-content-type-options
nosniff
age
9462
status
200
content-disposition
inline;filename="iss_screenshot.png"
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
34459
x-xss-protection
0
server
fife
etag
"v1"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Wed, 28 Oct 2020 12:49:08 GMT
xU9uA3ZDwFjTrgJOT6DCGeeYVoaYpWIhlP2-QswyJCqFkE-9GhmZQRlmu4AgOtxFy37UQ264nPNX_kHnFkN0TdLEdR0noohGqct7P5HmamudQZLN-ma936qgJPH_EIZumMmh-U7x
lh6.googleusercontent.com/
18 KB
18 KB
Image
General
Full URL
https://lh6.googleusercontent.com/xU9uA3ZDwFjTrgJOT6DCGeeYVoaYpWIhlP2-QswyJCqFkE-9GhmZQRlmu4AgOtxFy37UQ264nPNX_kHnFkN0TdLEdR0noohGqct7P5HmamudQZLN-ma936qgJPH_EIZumMmh-U7x
Requested by
Host: decoded.avast.io
URL: https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
7650a9a626dea790f9ff92fc5a189063505ef870c1867daee0451ad8c83591db
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 27 Oct 2020 12:49:08 GMT
x-content-type-options
nosniff
age
9462
status
200
content-disposition
inline;filename="stackstr.png"
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
18718
x-xss-protection
0
server
fife
etag
"v1"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Wed, 28 Oct 2020 12:49:08 GMT
LBdyxt-xHY2J53ugbCUdPOjOxQNJAzNAzB74I4hvyKwrFLise4kdsYu9Msy6SRE7zJNoG55ySDqpbbUVaWVIcbFO16ZMMIuhZz0JZRk71zf5s5Zi-9Hv63U0BmwqoVms48t33Nti
lh6.googleusercontent.com/
10 KB
10 KB
Image
General
Full URL
https://lh6.googleusercontent.com/LBdyxt-xHY2J53ugbCUdPOjOxQNJAzNAzB74I4hvyKwrFLise4kdsYu9Msy6SRE7zJNoG55ySDqpbbUVaWVIcbFO16ZMMIuhZz0JZRk71zf5s5Zi-9Hv63U0BmwqoVms48t33Nti
Requested by
Host: decoded.avast.io
URL: https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
b3286ecf74a365433ac5e36f19b40120dee60243880b6a01c46adefe60c04d1b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 27 Oct 2020 12:49:08 GMT
x-content-type-options
nosniff
age
9462
status
200
content-disposition
inline;filename="reg_licenskey.png"
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
10237
x-xss-protection
0
server
fife
etag
"v1"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Thu, 22 Oct 2020 11:04:53 GMT
spj8CA1Lwlknj-503UZJ1WhZ9grZw6iDq1unhdRHQmcGbGuSs_vaoBPKgrU61VhylWNRuawkPLtoAbj18B_xrBHox1NOiKRIQfmAxRCGB4JkY4HB5kP0SNv4XedqgWiJYWIsO1Sn
lh3.googleusercontent.com/
27 KB
27 KB
Image
General
Full URL
https://lh3.googleusercontent.com/spj8CA1Lwlknj-503UZJ1WhZ9grZw6iDq1unhdRHQmcGbGuSs_vaoBPKgrU61VhylWNRuawkPLtoAbj18B_xrBHox1NOiKRIQfmAxRCGB4JkY4HB5kP0SNv4XedqgWiJYWIsO1Sn
Requested by
Host: decoded.avast.io
URL: https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
56a249e2a963e73aae401de2991dfb81883700c9a8db943ee79b1f5c94d063f6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 27 Oct 2020 15:26:51 GMT
x-content-type-options
nosniff
age
0
status
200
content-disposition
inline;filename="cnc_traffic.png"
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
27940
x-xss-protection
0
server
fife
etag
"v1"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Tue, 27 Oct 2020 10:27:46 GMT
eCBQXdYMWb9mD3dM7dfKXoeTMLM0NmuddDTgKT3LmNsHvE-rWlYH3_fsQpa9L5OGAEhgq4LNIYnp8IYkhsx3jVliEJVJafqsQ-_S_eR00WE1cUsheWffxV-0BUcjG-EgCZ03hy3b
lh3.googleusercontent.com/
12 KB
12 KB
Image
General
Full URL
https://lh3.googleusercontent.com/eCBQXdYMWb9mD3dM7dfKXoeTMLM0NmuddDTgKT3LmNsHvE-rWlYH3_fsQpa9L5OGAEhgq4LNIYnp8IYkhsx3jVliEJVJafqsQ-_S_eR00WE1cUsheWffxV-0BUcjG-EgCZ03hy3b
Requested by
Host: decoded.avast.io
URL: https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
4b5806f91aaf7400568047017a52109397a8c26a41c3bd9f42394e1d0549c551
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 27 Oct 2020 12:49:08 GMT
x-content-type-options
nosniff
age
9462
status
200
content-disposition
inline;filename="volatile_config.png"
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
12556
x-xss-protection
0
server
fife
etag
"v1"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Tue, 20 Oct 2020 06:53:15 GMT
OM0pQgNxjoZo0LdCwn5Yl_JG4TarjB200XYVDEWIw-MULBhk5B8oJVdpP6vyrVN_YcSFoem5JMHNQS5mS-52UUIkOSThZMDIo1urW5PdXi-QjW6Tso1GPuplKlH4wK58KCpg-96i
lh6.googleusercontent.com/
18 KB
18 KB
Image
General
Full URL
https://lh6.googleusercontent.com/OM0pQgNxjoZo0LdCwn5Yl_JG4TarjB200XYVDEWIw-MULBhk5B8oJVdpP6vyrVN_YcSFoem5JMHNQS5mS-52UUIkOSThZMDIo1urW5PdXi-QjW6Tso1GPuplKlH4wK58KCpg-96i
Requested by
Host: decoded.avast.io
URL: https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
891c8366204653036f8259a6eceb3a2f6820f103770bb22dab62b52d77218daa
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 27 Oct 2020 12:49:08 GMT
x-content-type-options
nosniff
age
9462
status
200
content-disposition
inline;filename="persistent_config.png"
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
18129
x-xss-protection
0
server
fife
etag
"v1"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Thu, 22 Oct 2020 11:04:53 GMT
aEUcKhYb4JNob_aG1wfgyg9o3Yp0fDkvPe5SXgK7ToQACHYtzG263RIWOgNha8W_RBVLuq4BIbuyA1NJiMVBd-vjrIU5FN2FwMrbWQl-RbnQ6e7_cRS2cQeDx7Qw58bI86C_PyE9
lh6.googleusercontent.com/
10 KB
11 KB
Image
General
Full URL
https://lh6.googleusercontent.com/aEUcKhYb4JNob_aG1wfgyg9o3Yp0fDkvPe5SXgK7ToQACHYtzG263RIWOgNha8W_RBVLuq4BIbuyA1NJiMVBd-vjrIU5FN2FwMrbWQl-RbnQ6e7_cRS2cQeDx7Qw58bI86C_PyE9
Requested by
Host: decoded.avast.io
URL: https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
9b4cebafdbd3c4e7760d6cd879ea7cc097d139c64e2edf111e9ef1c5e256482e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 27 Oct 2020 12:49:08 GMT
x-content-type-options
nosniff
age
9462
status
200
content-disposition
inline;filename="xmrig_config.png"
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
10733
x-xss-protection
0
server
fife
etag
"v1"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Thu, 22 Oct 2020 11:04:53 GMT
imagesloaded.min.js
decoded.avast.io/wp-includes/js/
5 KB
2 KB
Script
General
Full URL
https://decoded.avast.io/wp-includes/js/imagesloaded.min.js?ver=4.1.4
Requested by
Host: decoded.avast.io
URL: https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
162.241.248.14 Brooklyn, United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
wp2.bluehost.com
Software
nginx/1.19.0 /
Resource Hash
ff4bd34aa98a0214833619d3d751838db015722dfbbec15cd14dadc66cd67869

Request headers

Referer
https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 27 Oct 2020 15:26:50 GMT
content-encoding
gzip
last-modified
Tue, 11 Aug 2020 23:34:35 GMT
server
nginx/1.19.0
accept-ranges
bytes
x-server-cache
false
vary
Accept-Encoding
content-type
application/javascript
status
200
host-header
d3AuYmx1ZWhvc3QuY29t
content-length
2103
masonry.min.js
decoded.avast.io/wp-includes/js/
24 KB
9 KB
Script
General
Full URL
https://decoded.avast.io/wp-includes/js/masonry.min.js?ver=4.2.2
Requested by
Host: decoded.avast.io
URL: https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
162.241.248.14 Brooklyn, United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
wp2.bluehost.com
Software
nginx/1.19.0 /
Resource Hash
e00add38134eac2fb8e8e9c09cbfff7bbe57952b210322eb2eecb0a21fc055eb

Request headers

Referer
https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 27 Oct 2020 15:26:50 GMT
content-encoding
gzip
last-modified
Tue, 11 Aug 2020 23:34:35 GMT
server
nginx/1.19.0
accept-ranges
bytes
x-server-cache
false
vary
Accept-Encoding
content-type
application/javascript
status
200
host-header
d3AuYmx1ZWhvc3QuY29t
content-length
9216
jquery.masonry.min.js
decoded.avast.io/wp-includes/js/jquery/
2 KB
758 B
Script
General
Full URL
https://decoded.avast.io/wp-includes/js/jquery/jquery.masonry.min.js?ver=3.1.2b
Requested by
Host: decoded.avast.io
URL: https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
162.241.248.14 Brooklyn, United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
wp2.bluehost.com
Software
nginx/1.19.0 /
Resource Hash
c2e606e1fc82ea3a554aad5d0520e25d2677b89a891dc5c49e7ace08fce92e25

Request headers

Referer
https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 27 Oct 2020 15:26:51 GMT
content-encoding
gzip
last-modified
Mon, 24 Jun 2019 11:02:11 GMT
server
nginx/1.19.0
accept-ranges
bytes
x-server-cache
false
vary
Accept-Encoding
content-type
application/javascript
status
200
host-header
d3AuYmx1ZWhvc3QuY29t
content-length
724
min.js
decoded.avast.io/wp-content/themes/johannes/assets/js/
112 KB
45 KB
Script
General
Full URL
https://decoded.avast.io/wp-content/themes/johannes/assets/js/min.js?ver=1.1.3
Requested by
Host: decoded.avast.io
URL: https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
162.241.248.14 Brooklyn, United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
wp2.bluehost.com
Software
nginx/1.19.0 /
Resource Hash
5f730e0adb0db34601edf0b7449dae5bcd766311ca1aadf57d58126c554fe2ef

Request headers

Referer
https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 27 Oct 2020 15:26:51 GMT
content-encoding
gzip
last-modified
Mon, 24 Jun 2019 11:21:52 GMT
server
nginx/1.19.0
accept-ranges
bytes
x-server-cache
false
vary
Accept-Encoding
content-type
application/javascript
status
200
host-header
d3AuYmx1ZWhvc3QuY29t
main.js
decoded.avast.io/wp-content/plugins/meks-easy-social-share/assets/js/
551 B
357 B
Script
General
Full URL
https://decoded.avast.io/wp-content/plugins/meks-easy-social-share/assets/js/main.js?ver=1.2.1
Requested by
Host: decoded.avast.io
URL: https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
162.241.248.14 Brooklyn, United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
wp2.bluehost.com
Software
nginx/1.19.0 /
Resource Hash
8efd7ef0887f8d97df1f68248a4d6f603ab11021a0f683e61584227ee7a71909

Request headers

Referer
https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 27 Oct 2020 15:26:50 GMT
content-encoding
gzip
last-modified
Wed, 17 Jul 2019 11:03:00 GMT
server
nginx/1.19.0
accept-ranges
bytes
x-server-cache
false
vary
Accept-Encoding
content-type
application/javascript
status
200
host-header
d3AuYmx1ZWhvc3QuY29t
content-length
323
new-tab.js
decoded.avast.io/wp-content/plugins/page-links-to/dist/
24 KB
10 KB
Script
General
Full URL
https://decoded.avast.io/wp-content/plugins/page-links-to/dist/new-tab.js?ver=3.3.4
Requested by
Host: decoded.avast.io
URL: https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
162.241.248.14 Brooklyn, United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
wp2.bluehost.com
Software
nginx/1.19.0 /
Resource Hash
d455ab882af3a742e6c9680578e6a590681bda99e34847f550f1f41a7d167969

Request headers

Referer
https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 27 Oct 2020 15:26:51 GMT
content-encoding
gzip
last-modified
Thu, 23 Jul 2020 11:04:52 GMT
server
nginx/1.19.0
accept-ranges
bytes
x-server-cache
false
vary
Accept-Encoding
content-type
application/javascript
status
200
host-header
d3AuYmx1ZWhvc3QuY29t
content-length
10524
wp-embed.min.js
decoded.avast.io/wp-includes/js/
1 KB
862 B
Script
General
Full URL
https://decoded.avast.io/wp-includes/js/wp-embed.min.js?ver=5.5.1
Requested by
Host: decoded.avast.io
URL: https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
162.241.248.14 Brooklyn, United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
wp2.bluehost.com
Software
nginx/1.19.0 /
Resource Hash
6ebcda7a3a41ef97f0b4071160ceb1020e540fdc0f790079a5c2ef01ab654fe0

Request headers

Referer
https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 27 Oct 2020 15:26:51 GMT
content-encoding
gzip
last-modified
Tue, 31 Mar 2020 23:06:31 GMT
server
nginx/1.19.0
accept-ranges
bytes
x-server-cache
false
vary
Accept-Encoding
content-type
application/javascript
status
200
host-header
d3AuYmx1ZWhvc3QuY29t
content-length
782
7Auwp_0qiz-afTLGLQjUwkQ.woff2
fonts.gstatic.com/s/muli/v22/
24 KB
24 KB
Font
General
Full URL
https://fonts.gstatic.com/s/muli/v22/7Auwp_0qiz-afTLGLQjUwkQ.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Muli%3Aregular%2C900%2C700&ver=1.1.3
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
8a71c8749cc0bb450f96766d4cab3b2b9c4d5a9b30c3683f3a5863d8d2ed9c9a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://decoded.avast.io
Referer
https://fonts.googleapis.com/css?family=Muli%3Aregular%2C900%2C700&ver=1.1.3
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 21 Oct 2020 11:20:39 GMT
x-content-type-options
nosniff
last-modified
Wed, 15 Jul 2020 20:49:47 GMT
server
sffe
age
533171
status
200
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
24884
x-xss-protection
0
expires
Thu, 21 Oct 2021 11:20:39 GMT
fontawesome-webfont.woff2
decoded.avast.io/wp-content/themes/johannes/assets/fonts/
75 KB
76 KB
Font
General
Full URL
https://decoded.avast.io/wp-content/themes/johannes/assets/fonts/fontawesome-webfont.woff2?v=4.7.0
Requested by
Host: decoded.avast.io
URL: https://decoded.avast.io/wp-content/themes/johannes/assets/css/min.css?ver=1.1.3
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
162.241.248.14 Brooklyn, United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
wp2.bluehost.com
Software
nginx/1.19.0 /
Resource Hash
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

Request headers

Origin
https://decoded.avast.io
Referer
https://decoded.avast.io/wp-content/themes/johannes/assets/css/min.css?ver=1.1.3
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 27 Oct 2020 15:26:51 GMT
last-modified
Mon, 24 Jun 2019 11:19:38 GMT
server
nginx/1.19.0
accept-ranges
bytes
x-server-cache
false
content-type
font/woff2
status
200
host-header
d3AuYmx1ZWhvc3QuY29t
content-length
77160
johannes-font.ttf
decoded.avast.io/wp-content/themes/johannes/assets/fonts/
3 KB
3 KB
Font
General
Full URL
https://decoded.avast.io/wp-content/themes/johannes/assets/fonts/johannes-font.ttf?
Requested by
Host: decoded.avast.io
URL: https://decoded.avast.io/wp-content/themes/johannes/assets/css/min.css?ver=1.1.3
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
162.241.248.14 Brooklyn, United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
wp2.bluehost.com
Software
nginx/1.19.0 /
Resource Hash
6e1ba7b6b625d488b2be3593d5ec5c3fca1fc192e9b3475573bf75af25b4cde9

Request headers

Origin
https://decoded.avast.io
Referer
https://decoded.avast.io/wp-content/themes/johannes/assets/css/min.css?ver=1.1.3
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 27 Oct 2020 15:26:50 GMT
last-modified
Mon, 24 Jun 2019 11:19:40 GMT
server
nginx/1.19.0
accept-ranges
bytes
x-server-cache
false
content-type
font/ttf
status
200
host-header
d3AuYmx1ZWhvc3QuY29t
content-length
2952
socicon.woff
decoded.avast.io/wp-content/plugins/meks-easy-social-share/assets/fonts/
98 KB
99 KB
Font
General
Full URL
https://decoded.avast.io/wp-content/plugins/meks-easy-social-share/assets/fonts/socicon.woff
Requested by
Host: decoded.avast.io
URL: https://decoded.avast.io/wp-content/plugins/meks-easy-social-share/assets/css/main.css?ver=1.2.1
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
162.241.248.14 Brooklyn, United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
wp2.bluehost.com
Software
nginx/1.19.0 /
Resource Hash
48c273dcbed09b6b87f9365f2f141063f5c859476b53913d94fca1befe90aa0c

Request headers

Origin
https://decoded.avast.io
Referer
https://decoded.avast.io/wp-content/plugins/meks-easy-social-share/assets/css/main.css?ver=1.2.1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 27 Oct 2020 15:26:51 GMT
last-modified
Wed, 17 Jul 2019 11:03:00 GMT
server
nginx/1.19.0
accept-ranges
bytes
x-server-cache
false
content-type
font/woff
status
200
host-header
d3AuYmx1ZWhvc3QuY29t
content-length
100756
7Auwp_0qiz-afTzGLQjUwkQ1OQ.woff2
fonts.gstatic.com/s/muli/v22/
22 KB
22 KB
Font
General
Full URL
https://fonts.gstatic.com/s/muli/v22/7Auwp_0qiz-afTzGLQjUwkQ1OQ.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Muli%3Aregular%2C900%2C700&ver=1.1.3
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:81f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ea276ad4b08f0ae806922c7d753177df1e11fcd0e924f1ef34e01593fbd0868d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://decoded.avast.io
Referer
https://fonts.googleapis.com/css?family=Muli%3Aregular%2C900%2C700&ver=1.1.3
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 21 Oct 2020 11:21:08 GMT
x-content-type-options
nosniff
last-modified
Wed, 15 Jul 2020 20:54:22 GMT
server
sffe
age
533142
status
200
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
22240
x-xss-protection
0
expires
Thu, 21 Oct 2021 11:21:08 GMT
02_2020_digital-security_GettyImages-1141760307_edited-1920x500.jpg
decoded.avast.io/wp-content/uploads/sites/2/2020/10/
146 KB
147 KB
Image
General
Full URL
https://decoded.avast.io/wp-content/uploads/sites/2/2020/10/02_2020_digital-security_GettyImages-1141760307_edited-1920x500.jpg
Requested by
Host: decoded.avast.io
URL: https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
162.241.248.14 Brooklyn, United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
wp2.bluehost.com
Software
nginx/1.19.0 /
Resource Hash
b116c00aa639b3afd1c79bb5a7952f73d6c8e3ffd55a35546d6ebf4d4dcc7cfc

Request headers

Referer
https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 27 Oct 2020 15:26:51 GMT
last-modified
Tue, 13 Oct 2020 10:48:02 GMT
server
nginx/1.19.0
accept-ranges
bytes
x-server-cache
false
content-type
image/jpeg
status
200
host-header
d3AuYmx1ZWhvc3QuY29t
content-length
149712
map_logo.png
decoded.avast.io/wp-content/uploads/sites/2/2020/10/
155 KB
156 KB
Image
General
Full URL
https://decoded.avast.io/wp-content/uploads/sites/2/2020/10/map_logo.png
Requested by
Host: decoded.avast.io
URL: https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
162.241.248.14 Brooklyn, United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
wp2.bluehost.com
Software
nginx/1.19.0 /
Resource Hash
37f5c4d669b6321542b7e9eb1ce0bfdcae63abb5042f28b31c5e592e194c5ee9

Request headers

Referer
https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 27 Oct 2020 15:26:51 GMT
last-modified
Tue, 13 Oct 2020 13:16:06 GMT
server
nginx/1.19.0
accept-ranges
bytes
x-server-cache
false
content-type
image/png
status
200
host-header
d3AuYmx1ZWhvc3QuY29t
content-length
158394
ds_website-1024x699.png
decoded.avast.io/wp-content/uploads/sites/2/2020/10/
137 KB
138 KB
Image
General
Full URL
https://decoded.avast.io/wp-content/uploads/sites/2/2020/10/ds_website-1024x699.png
Requested by
Host: decoded.avast.io
URL: https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
162.241.248.14 Brooklyn, United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
wp2.bluehost.com
Software
nginx/1.19.0 /
Resource Hash
c17bc39d71c7b7df37447523e000425af9469a925b411e7a17ee15addf26f4b0

Request headers

Referer
https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 27 Oct 2020 15:26:51 GMT
last-modified
Thu, 08 Oct 2020 14:11:00 GMT
server
nginx/1.19.0
accept-ranges
bytes
x-server-cache
false
content-type
image/png
status
200
host-header
d3AuYmx1ZWhvc3QuY29t
content-length
140078
ds_screenshot-1024x639.png
decoded.avast.io/wp-content/uploads/sites/2/2020/10/
566 KB
568 KB
Image
General
Full URL
https://decoded.avast.io/wp-content/uploads/sites/2/2020/10/ds_screenshot-1024x639.png
Requested by
Host: decoded.avast.io
URL: https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
162.241.248.14 Brooklyn, United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
wp2.bluehost.com
Software
nginx/1.19.0 /
Resource Hash
628e171e74ea5ae9aa29a128b053f3eb2a6b72b8ffc095deaf62ef5a3ad6ff1f

Request headers

Referer
https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 27 Oct 2020 15:26:51 GMT
last-modified
Thu, 08 Oct 2020 14:12:23 GMT
server
nginx/1.19.0
accept-ranges
bytes
x-server-cache
false
content-type
image/png
status
200
host-header
d3AuYmx1ZWhvc3QuY29t
content-length
579535
linkid.js
www.google-analytics.com/plugins/ua/
2 KB
887 B
Script
General
Full URL
https://www.google-analytics.com/plugins/ua/linkid.js
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:824::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
92fca55833f48b4289ac8f1cedd48752b580fce4ec4b5d81670b8193d6e51b54
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 27 Oct 2020 15:08:51 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 22 Oct 2019 18:15:00 GMT
server
sffe
age
1080
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=3600
accept-ranges
bytes
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
859
x-xss-protection
0
expires
Tue, 27 Oct 2020 16:08:51 GMT
collect
stats.g.doubleclick.net/j/
1 B
85 B
XHR
General
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j86&tid=UA-143774004-1&cid=2062547497.1603812411&jid=115188622&gjid=1296451275&_gid=1307200194.1603812411&_u=aGBAgUAjCAAAAE~&z=1645834322
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c00::9c Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
date
Tue, 27 Oct 2020 15:26:51 GMT
status
200
content-type
text/plain
access-control-allow-origin
https://decoded.avast.io
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/
35 B
63 B
Image
General
Full URL
https://www.google-analytics.com/collect?v=1&_v=j86&a=1850543282&t=pageview&_s=1&dl=https%3A%2F%2Fdecoded.avast.io%2Fjanvojtesek%2Ffakembam-backdoor-delivered-through-software-updates%2F&ul=en-us&de=UTF-8&dt=FakeMBAM%3A%20Backdoor%20delivered%20through%20software%20updates%20-%20Avast%20Threat%20Labs&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aGBAgUAjC~&jid=115188622&gjid=1296451275&cid=2062547497.1603812411&tid=UA-143774004-1&_gid=1307200194.1603812411&z=173305336
Requested by
Host: decoded.avast.io
URL: https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:824::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 27 Oct 2020 10:37:12 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
17379
status
200
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
obf_dstudio-1.png
decoded.avast.io/wp-content/uploads/sites/2/2020/10/
20 KB
20 KB
Image
General
Full URL
https://decoded.avast.io/wp-content/uploads/sites/2/2020/10/obf_dstudio-1.png
Requested by
Host: decoded.avast.io
URL: https://decoded.avast.io/wp-includes/js/imagesloaded.min.js?ver=4.1.4
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
162.241.248.14 Brooklyn, United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
wp2.bluehost.com
Software
nginx/1.19.0 /
Resource Hash
1a978b29056d0376b2765ac18cb61d9f20e65db7cd1343083955b94db11dc08a

Request headers

Referer
https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 27 Oct 2020 15:26:51 GMT
last-modified
Fri, 09 Oct 2020 12:55:38 GMT
server
nginx/1.19.0
accept-ranges
bytes
x-server-cache
false
content-type
image/png
status
200
host-header
d3AuYmx1ZWhvc3QuY29t
content-length
20579
obf_backdoor-1.png
decoded.avast.io/wp-content/uploads/sites/2/2020/10/
20 KB
20 KB
Image
General
Full URL
https://decoded.avast.io/wp-content/uploads/sites/2/2020/10/obf_backdoor-1.png
Requested by
Host: decoded.avast.io
URL: https://decoded.avast.io/wp-includes/js/imagesloaded.min.js?ver=4.1.4
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
162.241.248.14 Brooklyn, United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
wp2.bluehost.com
Software
nginx/1.19.0 /
Resource Hash
482f85441fcf092fd9302fa08a5dae4d43c5277240a7489a0a5bcb38fe32f684

Request headers

Referer
https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 27 Oct 2020 15:26:51 GMT
last-modified
Fri, 09 Oct 2020 12:55:47 GMT
server
nginx/1.19.0
accept-ranges
bytes
x-server-cache
false
content-type
image/png
status
200
host-header
d3AuYmx1ZWhvc3QuY29t
content-length
20843
faq-1024x358.png
decoded.avast.io/wp-content/uploads/sites/2/2020/10/
67 KB
67 KB
Image
General
Full URL
https://decoded.avast.io/wp-content/uploads/sites/2/2020/10/faq-1024x358.png
Requested by
Host: decoded.avast.io
URL: https://decoded.avast.io/wp-includes/js/imagesloaded.min.js?ver=4.1.4
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
162.241.248.14 Brooklyn, United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
wp2.bluehost.com
Software
nginx/1.19.0 /
Resource Hash
7307294216c5fbe9ef6a9111f18ed211525f32b556dd343374a1be0e1264faf4

Request headers

Referer
https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 27 Oct 2020 15:26:51 GMT
last-modified
Thu, 08 Oct 2020 14:22:09 GMT
server
nginx/1.19.0
accept-ranges
bytes
x-server-cache
false
content-type
image/png
status
200
host-header
d3AuYmx1ZWhvc3QuY29t
content-length
68713
fake_installer.jpg
decoded.avast.io/wp-content/uploads/sites/2/2020/10/
48 KB
48 KB
Image
General
Full URL
https://decoded.avast.io/wp-content/uploads/sites/2/2020/10/fake_installer.jpg
Requested by
Host: decoded.avast.io
URL: https://decoded.avast.io/wp-includes/js/imagesloaded.min.js?ver=4.1.4
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
162.241.248.14 Brooklyn, United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
wp2.bluehost.com
Software
nginx/1.19.0 /
Resource Hash
729041faacb90fe7c19f67ca0c389b921e219d1982aea7c98a7e104043287ae0

Request headers

Referer
https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 27 Oct 2020 15:26:51 GMT
last-modified
Thu, 08 Oct 2020 14:23:11 GMT
server
nginx/1.19.0
accept-ranges
bytes
x-server-cache
false
content-type
image/jpeg
status
200
host-header
d3AuYmx1ZWhvc3QuY29t
content-length
49188
real_installer.jpg
decoded.avast.io/wp-content/uploads/sites/2/2020/10/
45 KB
45 KB
Image
General
Full URL
https://decoded.avast.io/wp-content/uploads/sites/2/2020/10/real_installer.jpg
Requested by
Host: decoded.avast.io
URL: https://decoded.avast.io/wp-includes/js/imagesloaded.min.js?ver=4.1.4
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
162.241.248.14 Brooklyn, United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
wp2.bluehost.com
Software
nginx/1.19.0 /
Resource Hash
f5220e02a5ce5683ad18312b40255162b7375741e0fa02fa4b5a0e724cfbcf61

Request headers

Referer
https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 27 Oct 2020 15:26:51 GMT
last-modified
Thu, 08 Oct 2020 14:23:16 GMT
server
nginx/1.19.0
accept-ranges
bytes
x-server-cache
false
content-type
image/jpeg
status
200
host-header
d3AuYmx1ZWhvc3QuY29t
content-length
45758
Xtd3TnvyHWfJWo5-Dz5VgbBXlefslSbodLMeH-Z7j6ryZp5lbXqAo4Qho2CYhhNdZ3kodoVxpdU8cWX3GQ6Ts6my39lE-6kpLf97mNBqWsJBrCJwbA99XbSyS5jbU6TNRC7Tf8lf
lh4.googleusercontent.com/
12 KB
12 KB
Image
General
Full URL
https://lh4.googleusercontent.com/Xtd3TnvyHWfJWo5-Dz5VgbBXlefslSbodLMeH-Z7j6ryZp5lbXqAo4Qho2CYhhNdZ3kodoVxpdU8cWX3GQ6Ts6my39lE-6kpLf97mNBqWsJBrCJwbA99XbSyS5jbU6TNRC7Tf8lf
Requested by
Host: decoded.avast.io
URL: https://decoded.avast.io/wp-includes/js/imagesloaded.min.js?ver=4.1.4
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
c2892c013d3bce21da7802f1af2fd0e5d1047db947fbc899e4cb092cf0825b4d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 27 Oct 2020 15:26:51 GMT
x-content-type-options
nosniff
age
0
status
200
content-disposition
inline;filename="createservice.png"
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
12277
x-xss-protection
0
server
fife
etag
"v1"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Tue, 27 Oct 2020 10:27:46 GMT
ransom-540x304.jpg
decoded.avast.io/wp-content/uploads/sites/2/2019/10/
47 KB
47 KB
Image
General
Full URL
https://decoded.avast.io/wp-content/uploads/sites/2/2019/10/ransom-540x304.jpg
Requested by
Host: decoded.avast.io
URL: https://decoded.avast.io/wp-includes/js/imagesloaded.min.js?ver=4.1.4
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
162.241.248.14 Brooklyn, United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
wp2.bluehost.com
Software
nginx/1.19.0 /
Resource Hash
f308183a9aa0417e075c006c9a043f2d4ecbf53c7fb58dd4e758808836f6625b

Request headers

Referer
https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 27 Oct 2020 15:26:51 GMT
last-modified
Thu, 10 Sep 2020 16:59:51 GMT
server
nginx/1.19.0
accept-ranges
bytes
x-server-cache
false
content-type
image/jpeg
status
200
host-header
d3AuYmx1ZWhvc3QuY29t
content-length
47680
jose-fontano-pZld9PiPDno-unsplash_edited-540x304.jpg
decoded.avast.io/wp-content/uploads/sites/2/2020/09/
36 KB
36 KB
Image
General
Full URL
https://decoded.avast.io/wp-content/uploads/sites/2/2020/09/jose-fontano-pZld9PiPDno-unsplash_edited-540x304.jpg
Requested by
Host: decoded.avast.io
URL: https://decoded.avast.io/wp-includes/js/imagesloaded.min.js?ver=4.1.4
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
162.241.248.14 Brooklyn, United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
wp2.bluehost.com
Software
nginx/1.19.0 /
Resource Hash
a8f3c21ec235b928cc493c9bd37cc45d4bf2e66630a38c2193794baaae00d430

Request headers

Referer
https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 27 Oct 2020 15:26:51 GMT
last-modified
Thu, 17 Sep 2020 09:36:25 GMT
server
nginx/1.19.0
accept-ranges
bytes
x-server-cache
false
content-type
image/jpeg
status
200
host-header
d3AuYmx1ZWhvc3QuY29t
content-length
36543

Verdicts & Comments

43 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Type Name
function showDirectoryPicker
function showOpenFilePicker
function showSaveFilePicker
object trustedTypes
string mi_version
boolean mi_track_user
string mi_no_track_reason
string disableStr
function __gaTrackerIsOptedOut
function __gaTrackerOptout
function gaOptout
string GoogleAnalyticsObject
function __gaTracker
object _wpemojiSettings
object _nsl
object monsterinsights_frontend
function MonsterInsights
object MonsterInsightsObject
undefined $
function jQuery
object google_tag_data
object gaplugins
object gaGlobal
object gaData
object twemoji
object wp
function EvEmitter
function imagesLoaded
function jQueryBridget
function getSize
function matchesSelector
object fizzyUIUtils
function Outlayer
function Masonry
object johannes_js_settings
function objectFitImages
function PhotoSwipeUI_Default
function PhotoSwipe
object picturefillCFG
function picturefill
object jQuery1124007453122354364239
function NSLPopup
function nslRedirect

0 Cookies

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

decoded.avast.io
fonts.googleapis.com
fonts.gstatic.com
lh3.googleusercontent.com
lh4.googleusercontent.com
lh6.googleusercontent.com
stats.g.doubleclick.net
www.google-analytics.com
162.241.248.14
2a00:1450:4001:800::2001
2a00:1450:4001:801::200a
2a00:1450:4001:803::2001
2a00:1450:4001:81f::2003
2a00:1450:4001:824::200e
2a00:1450:400c:c00::9c