forums.malwarebytes.com Open in urlscan Pro
13.225.78.37 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://forums.malwarebytes.com/topic/233470-i-found-strange-app-on-appdataroaming/
Submission Tags: falconsandbox
Submission: On August 19 via api (August 19th 2021, 3:00:58 am UTC) from US

Summary HTTP 76 Redirects Links 116 Behaviour Indicators

Summary

This website contacted 33 IPs in 4 countries across 26 domains to perform 76 HTTP transactions. The main IP is 13.225.78.37, located in United States and belongs to AMAZON-02, US. The main domain is forums.malwarebytes.com.
TLS certificate: Issued by Amazon on September 17th 2020. Valid for: a year.

This is the only time forums.malwarebytes.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
2	13.225.78.37 13.225.78.37	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:808::2008	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:830::200a	15169 (GOOGLE) (GOOGLE)
26	2600:9000:20e... 2600:9000:20eb:c00:1e:ebe7:1480:93a1	16509 (AMAZON-02) (AMAZON-02)
2	2a02:26f0:6c0... 2a02:26f0:6c00:2b0::25ea	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
6	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2a00:1450:400... 2a00:1450:4001:828::200e	15169 (GOOGLE) (GOOGLE)
2	2a00:1288:80:... 2a00:1288:80:800::7000	203220 (YAHOO-DEB) (YAHOO-DEB)
1	13.224.96.5 13.224.96.5	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700::68... 2606:4700::6810:7eaf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:828::2008	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:811::2003	15169 (GOOGLE) (GOOGLE)
2	2a02:26f0:6c0... 2a02:26f0:6c00:28b::1931	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2600:9000:21f... 2600:9000:21f3:4000:16:26c7:ff80:93a1	16509 (AMAZON-02) (AMAZON-02)
2 2	2620:119:50e4... 2620:119:50e4:101::6cae:b55	14413 (LINKEDIN) (LINKEDIN)
1 1	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	108.174.10.14 108.174.10.14	14413 (LINKEDIN) (LINKEDIN)
3	2a00:1450:400... 2a00:1450:4001:80f::200e	15169 (GOOGLE) (GOOGLE)
1	13.225.78.112 13.225.78.112	16509 (AMAZON-02) (AMAZON-02)
2 2	52.30.222.33 52.30.222.33	16509 (AMAZON-02) (AMAZON-02)
1 2	13.225.78.83 13.225.78.83	16509 (AMAZON-02) (AMAZON-02)
1	35.244.174.68 35.244.174.68	15169 (GOOGLE) (GOOGLE)
1	142.250.186.98 142.250.186.98	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c08::9d	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:811::2004	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:812::2003	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:831::2002	15169 (GOOGLE) (GOOGLE)
1	142.250.185.226 142.250.185.226	15169 (GOOGLE) (GOOGLE)
1 2	2a00:1450:400... 2a00:1450:4001:812::2004	15169 (GOOGLE) (GOOGLE)
1 1	2a00:1450:400... 2a00:1450:4001:82a::2002	15169 (GOOGLE) (GOOGLE)
3	104.75.88.209 104.75.88.209	16625 (AKAMAI-AS) (AKAMAI-AS)
4	2606:4700::68... 2606:4700::6813:9308	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	151.101.12.157 151.101.12.157	54113 (FASTLY) (FASTLY)
1	54.77.48.133 54.77.48.133	16509 (AMAZON-02) (AMAZON-02)
1	104.244.42.131 104.244.42.131	13414 (TWITTER) (TWITTER)
1	104.244.42.133 104.244.42.133	13414 (TWITTER) (TWITTER)
76	33

2 13.225.78.37 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-225-78-37.fra2.r.cloudfront.net

forums.malwarebytes.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:808::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:830::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

26 2600:9000:20eb:c00:1e:ebe7:1480:93a1 (United States)

ASN16509 (AMAZON-02, US)

content.invisioncic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:6c00:2b0::25ea (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2620:1ec:c11::200 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:828::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1288:80:800::7000 (Frankfurt am Main, Germany)

ASN203220 (YAHOO-DEB, GB)

s.yimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.224.96.5 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-96-5.zrh50.r.cloudfront.net

scripts.demandbase.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:7eaf (United States)

ASN13335 (CLOUDFLARENET, US)

unpkg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:828::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:811::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:6c00:28b::1931 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

s.pinimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:21f3:4000:16:26c7:ff80:93a1 (United States)

ASN16509 (AMAZON-02, US)

www.malwarebytes.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:119:50e4:101::6cae:b55 (United States) 2 redirects

ASN14413 (LINKEDIN, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:21::14 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.174.10.14 (United States)

ASN14413 (LINKEDIN, US)
PTR: 108-174-10-14.fwd.linkedin.com

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:80f::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.225.78.112 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-225-78-112.fra2.r.cloudfront.net

api.company-target.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.30.222.33 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-30-222-33.eu-west-1.compute.amazonaws.com

match.prod.bidr.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.225.78.83 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: server-13-225-78-83.fra2.r.cloudfront.net

segments.company-target.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.244.174.68 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 68.174.244.35.bc.googleusercontent.com

id.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.186.98 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s06-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c08::9d (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:811::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:812::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:831::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.185.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s53-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:812::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82a::2002 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.75.88.209 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-75-88-209.deploy.static.akamaitechnologies.com

ct.pinterest.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700::6813:9308 (United States)

ASN13335 (CLOUDFLARENET, US)

script.crazyegg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.12.157 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.77.48.133 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-77-48-133.eu-west-1.compute.amazonaws.com

insight.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.131 (United States)

ASN13414 (TWITTER, US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.133 (United States)

ASN13414 (TWITTER, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
26	invisioncic.com content.invisioncic.com	583 KB
6	bing.com bat.bing.com	10 KB
4	crazyegg.com script.crazyegg.com	25 KB
4	google.com 1 redirects www.google.com	199 B
4	linkedin.com 3 redirects px.ads.linkedin.com www.linkedin.com px4.ads.linkedin.com	3 KB
4	google-analytics.com www.google-analytics.com	20 KB
3	pinterest.com ct.pinterest.com	1 KB
3	google.de www.google.de	235 B
3	doubleclick.net 1 redirects stats.g.doubleclick.net googleads.g.doubleclick.net	1 KB
3	company-target.com 1 redirects api.company-target.com segments.company-target.com	2 KB
3	malwarebytes.com forums.malwarebytes.com www.malwarebytes.com	106 KB
2	googleadservices.com www.googleadservices.com	15 KB
2	bidr.io 2 redirects match.prod.bidr.io	1019 B
2	pinimg.com s.pinimg.com	18 KB
2	yimg.com s.yimg.com	7 KB
2	licdn.com snap.licdn.com	5 KB
2	googletagmanager.com www.googletagmanager.com	127 KB
1	t.co t.co	454 B
1	twitter.com analytics.twitter.com	660 B
1	adsrvr.org insight.adsrvr.org	261 B
1	ads-twitter.com static.ads-twitter.com	2 KB
1	rlcdn.com id.rlcdn.com	66 B
1	gstatic.com fonts.gstatic.com	36 KB
1	unpkg.com unpkg.com	2 KB
1	demandbase.com scripts.demandbase.com	16 KB
1	googleapis.com fonts.googleapis.com	789 B
76	26

	Domain	Requested by
26	content.invisioncic.com	forums.malwarebytes.com content.invisioncic.com
6	bat.bing.com	www.googletagmanager.com bat.bing.com forums.malwarebytes.com
4	script.crazyegg.com	www.googletagmanager.com script.crazyegg.com
4	www.google.com	1 redirects forums.malwarebytes.com
4	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com forums.malwarebytes.com
3	ct.pinterest.com	s.pinimg.com forums.malwarebytes.com
3	www.google.de	forums.malwarebytes.com
2	googleads.g.doubleclick.net	1 redirects www.googleadservices.com
2	www.googleadservices.com	www.googletagmanager.com www.googleadservices.com
2	segments.company-target.com	1 redirects forums.malwarebytes.com
2	match.prod.bidr.io	2 redirects
2	px.ads.linkedin.com	2 redirects
2	s.pinimg.com	www.googletagmanager.com s.pinimg.com
2	s.yimg.com	forums.malwarebytes.com s.yimg.com
2	snap.licdn.com	www.googletagmanager.com
2	www.googletagmanager.com	forums.malwarebytes.com www.googletagmanager.com
2	forums.malwarebytes.com	forums.malwarebytes.com
1	t.co
1	analytics.twitter.com	static.ads-twitter.com
1	insight.adsrvr.org
1	static.ads-twitter.com	forums.malwarebytes.com
1	stats.g.doubleclick.net	www.google-analytics.com
1	id.rlcdn.com	forums.malwarebytes.com
1	api.company-target.com	scripts.demandbase.com
1	px4.ads.linkedin.com	forums.malwarebytes.com
1	www.linkedin.com	1 redirects
1	www.malwarebytes.com	www.googletagmanager.com
1	fonts.gstatic.com	fonts.googleapis.com
1	unpkg.com	www.googletagmanager.com
1	scripts.demandbase.com	forums.malwarebytes.com
1	fonts.googleapis.com	forums.malwarebytes.com
76	31

This site contains links to these domains. Also see Links.

Domain
www.malwarebytes.com
twitter.com
www.facebook.com
www.reddit.com
pinterest.com
content.invisioncic.com
www.bleepingcomputer.com
www.linkedin.com
www.youtube.com
www.instagram.com
www.invisioncommunity.com

Subject Issuer	Validity	Valid
forums.malwarebytes.com Amazon	`2020-09-17` - `2021-10-19`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-07-12` - `2021-10-04`	3 months	crt.sh
upload.video.google.com GTS CA 1O1	`2021-07-26` - `2021-10-18`	3 months	crt.sh
content.invisioncic.com Amazon	`2020-09-16` - `2021-10-18`	a year	crt.sh
*.licdn.com DigiCert SHA2 Secure Server CA	`2021-04-30` - `2022-05-11`	a year	crt.sh
www.bing.com Microsoft RSA TLS CA 02	`2021-07-06` - `2022-01-06`	6 months	crt.sh
*.yahoo.com DigiCert SHA2 High Assurance Server CA	`2021-07-26` - `2021-09-15`	2 months	crt.sh
tag.demandbase.com Go Daddy Secure Certificate Authority - G2	`2020-10-14` - `2021-11-15`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-07-02` - `2022-07-01`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2021-07-12` - `2021-10-04`	3 months	crt.sh
*.pinterest.com DigiCert TLS RSA SHA256 2020 CA1	`2021-07-26` - `2022-08-05`	a year	crt.sh
www.malwarebytes.com Amazon	`2021-05-26` - `2022-06-24`	a year	crt.sh
px.ads.linkedin.com DigiCert SHA2 Secure Server CA	`2021-04-15` - `2021-10-15`	6 months	crt.sh
api.demandbase.com Go Daddy Secure Certificate Authority - G2	`2020-10-09` - `2021-10-28`	a year	crt.sh
*.company-target.com Go Daddy Secure Certificate Authority - G2	`2021-06-19` - `2022-07-21`	a year	crt.sh
*.rlcdn.com Sectigo RSA Domain Validation Secure Server CA	`2021-02-25` - `2022-03-28`	a year	crt.sh
www.googleadservices.com GTS CA 1C3	`2021-07-12` - `2021-10-04`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-07-26` - `2021-10-18`	3 months	crt.sh
www.google.com GTS CA 1C3	`2021-07-12` - `2021-10-04`	3 months	crt.sh
www.google.de GTS CA 1C3	`2021-07-26` - `2021-10-18`	3 months	crt.sh
*.googleadservices.com GTS CA 1C3	`2021-07-12` - `2021-10-04`	3 months	crt.sh
*.google.com GTS CA 1C3	`2021-07-12` - `2021-10-04`	3 months	crt.sh
*.google.de GTS CA 1C3	`2021-07-12` - `2021-10-04`	3 months	crt.sh
ads-twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2021-07-21` - `2022-07-26`	a year	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2021-03-18` - `2022-04-19`	a year	crt.sh
*.twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2021-02-05` - `2022-02-04`	a year	crt.sh
t.co DigiCert TLS RSA SHA256 2020 CA1	`2021-02-05` - `2022-02-04`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://forums.malwarebytes.com/topic/233470-i-found-strange-app-on-appdataroaming/
Frame ID: 75F5CF6683B04F24EE5633AC6376A3A2
Requests: 78 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Amazon Web Services (PaaS) Expand

Overall confidence: 100%
Detected patterns

headers via /$CloudFront$$/i

Amazon Cloudfront (CDN) Expand

Overall confidence: 100%
Detected patterns

headers via /$CloudFront$$/i

Crazy Egg (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /script\.crazyegg\.com\/pages\/scripts\/\d+\/\d+\.js/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

html /googletagmanager\.com\/ns\.html[^>]+><\/iframe>/i
html //i

Page Statistics

76
Requests

100 %
HTTPS

61 %
IPv6

26
Domains

31
Subdomains

33
IPs

4
Countries

979 kB
Transfer

2804 kB
Size

12
Cookies

116 Outgoing links

These are links going to different origins than the main page.

URL: https://www.malwarebytes.com/
Title: Home

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/premium/
Title: Malwarebytes for Windows

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/mac/
Title: Malwarebytes for Mac

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/vpn
Title: Malwarebytes Privacy

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/business/
Title: Business

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/business/endpointsecurity/
Title: Endpoint Security

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/business/endpointprotection/
Title: Endpoint Protection

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/business/incidentresponse/
Title: Incident Response

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/business/endpointprotectionandresponse/
Title: Endpoint Protection & Incident Response

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/mobile/
Title: Mobile

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/android/
Title: Malwarebytes for Android

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/ios/
Title: Malwarebytes for iOS

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/partners/
Title: Partners

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/techbench/
Title: Malwarebytes Techbench

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/partners/managed-service-providers/
Title: MSP

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/what-is-vpn/
Title: VPN

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/antivirus/
Title: Antivirus

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/malware/
Title: Malware

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/android-antivirus/
Title: Android Antivirus

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/mac-antivirus/
Title: Mac Antivirus

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/hacker/
Title: Hacker

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/cybersecurity/
Title: Cybersecurity

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/identity-theft/
Title: Identity Theft

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/what-is-password-manager/
Title: Password Manager

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/ransomware/
Title: Ransomware

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/keylogger/
Title: Keylogger

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/adware/
Title: Adware

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/spyware/
Title: Spyware

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/sql-injection/
Title: SQL Injection

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/ddos/
Title: DDoS

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/cryptojacking/
Title: Cryptojacking

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/data-breach/
Title: Data Breach

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/computer-virus/
Title: Computer Virus

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/social-engineering/
Title: Social Engineering

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/malvertising/
Title: Malvertising

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/emotet/
Title: Emotet

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/trojan/
Title: Trojan

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/exploits/
Title: Exploit

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/backdoor/
Title: Backdoor

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/scam-call/
Title: Scam Call

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/spam/
Title: Spam

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/phishing/
Title: Phishing

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/spoofing/
Title: Spoofing

Search URL Search Domain Scan URL

URL: http://twitter.com/share?url=https%3A%2F%2Fforums.malwarebytes.com%2Ftopic%2F233470-i-found-strange-app-on-appdataroaming%2F
Title:

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fforums.malwarebytes.com%2Ftopic%2F233470-i-found-strange-app-on-appdataroaming%2F
Title:

Search URL Search Domain Scan URL

URL: http://www.reddit.com/submit?url=https%3A%2F%2Fforums.malwarebytes.com%2Ftopic%2F233470-i-found-strange-app-on-appdataroaming%2F&title=I+found+strange+app+on+AppData%2FRoaming
Title:

Search URL Search Domain Scan URL

URL: http://pinterest.com/pin/create/button/?url=https://forums.malwarebytes.com/topic/233470-i-found-strange-app-on-appdataroaming/&media=https://content.invisioncic.com/Mmalware/monthly_2020_09/MB_ICON_196x196.png.add66bd0622be5122328978d35ce35c3.png
Title:

Search URL Search Domain Scan URL

URL: https://content.invisioncic.com/Mmalware/monthly_2018_07/virus.JPG.99ed2036a66b7cd71fc02aee16feff5a.JPG

Search URL Search Domain Scan URL

URL: https://content.invisioncic.com/Mmalware/monthly_2018_07/virus1.JPG.488f405218933392246e7fc0354949d5.JPG

Search URL Search Domain Scan URL

URL: http://twitter.com/share?url=https%3A%2F%2Fforums.malwarebytes.com%2Ftopic%2F233470-i-found-strange-app-on-appdataroaming%2F%3Fdo%3DfindComment%26comment%3D1258116
Title:

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fforums.malwarebytes.com%2Ftopic%2F233470-i-found-strange-app-on-appdataroaming%2F%3Fdo%3DfindComment%26comment%3D1258116
Title:

Search URL Search Domain Scan URL

URL: http://www.reddit.com/submit?url=https%3A%2F%2Fforums.malwarebytes.com%2Ftopic%2F233470-i-found-strange-app-on-appdataroaming%2F%3Fdo%3DfindComment%26comment%3D1258116&title=I+found+strange+app+on+AppData%2FRoaming
Title:

Search URL Search Domain Scan URL

URL: http://pinterest.com/pin/create/button/?url=https://forums.malwarebytes.com/topic/233470-i-found-strange-app-on-appdataroaming/?do=findComment%26comment=1258116&media=https://content.invisioncic.com/Mmalware/monthly_2020_09/MB_ICON_196x196.png.add66bd0622be5122328978d35ce35c3.png
Title:

Search URL Search Domain Scan URL

URL: https://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Title: Farbar Recovery Scan Tool (64 bit)

Search URL Search Domain Scan URL

URL: https://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Title: Farbar Recovery Scan Tool (32 bit)

Search URL Search Domain Scan URL

URL: https://content.invisioncic.com/Mmalware/imageproxy/attachlogs.png.69bf3011b4613b964599b0a9c5b5d1fb.png

Search URL Search Domain Scan URL

URL: http://twitter.com/share?url=https%3A%2F%2Fforums.malwarebytes.com%2Ftopic%2F233470-i-found-strange-app-on-appdataroaming%2F%3Fdo%3DfindComment%26comment%3D1258120
Title:

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fforums.malwarebytes.com%2Ftopic%2F233470-i-found-strange-app-on-appdataroaming%2F%3Fdo%3DfindComment%26comment%3D1258120
Title:

Search URL Search Domain Scan URL

URL: http://www.reddit.com/submit?url=https%3A%2F%2Fforums.malwarebytes.com%2Ftopic%2F233470-i-found-strange-app-on-appdataroaming%2F%3Fdo%3DfindComment%26comment%3D1258120&title=I+found+strange+app+on+AppData%2FRoaming
Title:

Search URL Search Domain Scan URL

URL: http://pinterest.com/pin/create/button/?url=https://forums.malwarebytes.com/topic/233470-i-found-strange-app-on-appdataroaming/?do=findComment%26comment=1258120&media=https://content.invisioncic.com/Mmalware/monthly_2020_09/MB_ICON_196x196.png.add66bd0622be5122328978d35ce35c3.png
Title:

Search URL Search Domain Scan URL

URL: http://twitter.com/share?url=https%3A%2F%2Fforums.malwarebytes.com%2Ftopic%2F233470-i-found-strange-app-on-appdataroaming%2F%3Fdo%3DfindComment%26comment%3D1258167
Title:

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fforums.malwarebytes.com%2Ftopic%2F233470-i-found-strange-app-on-appdataroaming%2F%3Fdo%3DfindComment%26comment%3D1258167
Title:

Search URL Search Domain Scan URL

URL: http://www.reddit.com/submit?url=https%3A%2F%2Fforums.malwarebytes.com%2Ftopic%2F233470-i-found-strange-app-on-appdataroaming%2F%3Fdo%3DfindComment%26comment%3D1258167&title=I+found+strange+app+on+AppData%2FRoaming
Title:

Search URL Search Domain Scan URL

URL: http://pinterest.com/pin/create/button/?url=https://forums.malwarebytes.com/topic/233470-i-found-strange-app-on-appdataroaming/?do=findComment%26comment=1258167&media=https://content.invisioncic.com/Mmalware/monthly_2020_09/MB_ICON_196x196.png.add66bd0622be5122328978d35ce35c3.png
Title:

Search URL Search Domain Scan URL

URL: http://twitter.com/share?url=https%3A%2F%2Fforums.malwarebytes.com%2Ftopic%2F233470-i-found-strange-app-on-appdataroaming%2F%3Fdo%3DfindComment%26comment%3D1258289
Title:

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fforums.malwarebytes.com%2Ftopic%2F233470-i-found-strange-app-on-appdataroaming%2F%3Fdo%3DfindComment%26comment%3D1258289
Title:

Search URL Search Domain Scan URL

URL: http://www.reddit.com/submit?url=https%3A%2F%2Fforums.malwarebytes.com%2Ftopic%2F233470-i-found-strange-app-on-appdataroaming%2F%3Fdo%3DfindComment%26comment%3D1258289&title=I+found+strange+app+on+AppData%2FRoaming
Title:

Search URL Search Domain Scan URL

URL: http://pinterest.com/pin/create/button/?url=https://forums.malwarebytes.com/topic/233470-i-found-strange-app-on-appdataroaming/?do=findComment%26comment=1258289&media=https://content.invisioncic.com/Mmalware/monthly_2020_09/MB_ICON_196x196.png.add66bd0622be5122328978d35ce35c3.png
Title:

Search URL Search Domain Scan URL

URL: http://twitter.com/share?url=https%3A%2F%2Fforums.malwarebytes.com%2Ftopic%2F233470-i-found-strange-app-on-appdataroaming%2F%3Fdo%3DfindComment%26comment%3D1258377
Title:

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fforums.malwarebytes.com%2Ftopic%2F233470-i-found-strange-app-on-appdataroaming%2F%3Fdo%3DfindComment%26comment%3D1258377
Title:

Search URL Search Domain Scan URL

URL: http://www.reddit.com/submit?url=https%3A%2F%2Fforums.malwarebytes.com%2Ftopic%2F233470-i-found-strange-app-on-appdataroaming%2F%3Fdo%3DfindComment%26comment%3D1258377&title=I+found+strange+app+on+AppData%2FRoaming
Title:

Search URL Search Domain Scan URL

URL: http://pinterest.com/pin/create/button/?url=https://forums.malwarebytes.com/topic/233470-i-found-strange-app-on-appdataroaming/?do=findComment%26comment=1258377&media=https://content.invisioncic.com/Mmalware/monthly_2020_09/MB_ICON_196x196.png.add66bd0622be5122328978d35ce35c3.png
Title:

Search URL Search Domain Scan URL

URL: http://twitter.com/share?url=https%3A%2F%2Fforums.malwarebytes.com%2Ftopic%2F233470-i-found-strange-app-on-appdataroaming%2F%3Fdo%3DfindComment%26comment%3D1258799
Title:

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fforums.malwarebytes.com%2Ftopic%2F233470-i-found-strange-app-on-appdataroaming%2F%3Fdo%3DfindComment%26comment%3D1258799
Title:

Search URL Search Domain Scan URL

URL: http://www.reddit.com/submit?url=https%3A%2F%2Fforums.malwarebytes.com%2Ftopic%2F233470-i-found-strange-app-on-appdataroaming%2F%3Fdo%3DfindComment%26comment%3D1258799&title=I+found+strange+app+on+AppData%2FRoaming
Title:

Search URL Search Domain Scan URL

URL: http://pinterest.com/pin/create/button/?url=https://forums.malwarebytes.com/topic/233470-i-found-strange-app-on-appdataroaming/?do=findComment%26comment=1258799&media=https://content.invisioncic.com/Mmalware/monthly_2020_09/MB_ICON_196x196.png.add66bd0622be5122328978d35ce35c3.png
Title:

Search URL Search Domain Scan URL

URL: http://twitter.com/share?url=https%3A%2F%2Fforums.malwarebytes.com%2Ftopic%2F233470-i-found-strange-app-on-appdataroaming%2F%3Fdo%3DfindComment%26comment%3D1260533
Title:

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fforums.malwarebytes.com%2Ftopic%2F233470-i-found-strange-app-on-appdataroaming%2F%3Fdo%3DfindComment%26comment%3D1260533
Title:

Search URL Search Domain Scan URL

URL: http://www.reddit.com/submit?url=https%3A%2F%2Fforums.malwarebytes.com%2Ftopic%2F233470-i-found-strange-app-on-appdataroaming%2F%3Fdo%3DfindComment%26comment%3D1260533&title=I+found+strange+app+on+AppData%2FRoaming
Title:

Search URL Search Domain Scan URL

URL: http://pinterest.com/pin/create/button/?url=https://forums.malwarebytes.com/topic/233470-i-found-strange-app-on-appdataroaming/?do=findComment%26comment=1260533&media=https://content.invisioncic.com/Mmalware/monthly_2020_09/MB_ICON_196x196.png.add66bd0622be5122328978d35ce35c3.png
Title:

Search URL Search Domain Scan URL

URL: http://twitter.com/share?url=https%3A%2F%2Fforums.malwarebytes.com%2Ftopic%2F233470-i-found-strange-app-on-appdataroaming%2F%3Fdo%3DfindComment%26comment%3D1260569
Title:

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fforums.malwarebytes.com%2Ftopic%2F233470-i-found-strange-app-on-appdataroaming%2F%3Fdo%3DfindComment%26comment%3D1260569
Title:

Search URL Search Domain Scan URL

URL: http://www.reddit.com/submit?url=https%3A%2F%2Fforums.malwarebytes.com%2Ftopic%2F233470-i-found-strange-app-on-appdataroaming%2F%3Fdo%3DfindComment%26comment%3D1260569&title=I+found+strange+app+on+AppData%2FRoaming
Title:

Search URL Search Domain Scan URL

URL: http://pinterest.com/pin/create/button/?url=https://forums.malwarebytes.com/topic/233470-i-found-strange-app-on-appdataroaming/?do=findComment%26comment=1260569&media=https://content.invisioncic.com/Mmalware/monthly_2020_09/MB_ICON_196x196.png.add66bd0622be5122328978d35ce35c3.png
Title:

Search URL Search Domain Scan URL

URL: http://twitter.com/share?url=https%3A%2F%2Fforums.malwarebytes.com%2Ftopic%2F233470-i-found-strange-app-on-appdataroaming%2F%3Fdo%3DfindComment%26comment%3D1263457
Title:

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fforums.malwarebytes.com%2Ftopic%2F233470-i-found-strange-app-on-appdataroaming%2F%3Fdo%3DfindComment%26comment%3D1263457
Title:

Search URL Search Domain Scan URL

URL: http://www.reddit.com/submit?url=https%3A%2F%2Fforums.malwarebytes.com%2Ftopic%2F233470-i-found-strange-app-on-appdataroaming%2F%3Fdo%3DfindComment%26comment%3D1263457&title=I+found+strange+app+on+AppData%2FRoaming
Title:

Search URL Search Domain Scan URL

URL: http://pinterest.com/pin/create/button/?url=https://forums.malwarebytes.com/topic/233470-i-found-strange-app-on-appdataroaming/?do=findComment%26comment=1263457&media=https://content.invisioncic.com/Mmalware/monthly_2020_09/MB_ICON_196x196.png.add66bd0622be5122328978d35ce35c3.png
Title:

Search URL Search Domain Scan URL

URL: http://twitter.com/share?url=https%3A%2F%2Fforums.malwarebytes.com%2Ftopic%2F233470-i-found-strange-app-on-appdataroaming%2F%3Fdo%3DfindComment%26comment%3D1264192
Title:

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fforums.malwarebytes.com%2Ftopic%2F233470-i-found-strange-app-on-appdataroaming%2F%3Fdo%3DfindComment%26comment%3D1264192
Title:

Search URL Search Domain Scan URL

URL: http://www.reddit.com/submit?url=https%3A%2F%2Fforums.malwarebytes.com%2Ftopic%2F233470-i-found-strange-app-on-appdataroaming%2F%3Fdo%3DfindComment%26comment%3D1264192&title=I+found+strange+app+on+AppData%2FRoaming
Title:

Search URL Search Domain Scan URL

URL: http://pinterest.com/pin/create/button/?url=https://forums.malwarebytes.com/topic/233470-i-found-strange-app-on-appdataroaming/?do=findComment%26comment=1264192&media=https://content.invisioncic.com/Mmalware/monthly_2020_09/MB_ICON_196x196.png.add66bd0622be5122328978d35ce35c3.png
Title:

Search URL Search Domain Scan URL

URL: http://twitter.com/share?url=https%3A%2F%2Fforums.malwarebytes.com%2Ftopic%2F233470-i-found-strange-app-on-appdataroaming%2F%3Fdo%3DfindComment%26comment%3D1264213
Title:

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fforums.malwarebytes.com%2Ftopic%2F233470-i-found-strange-app-on-appdataroaming%2F%3Fdo%3DfindComment%26comment%3D1264213
Title:

Search URL Search Domain Scan URL

URL: http://www.reddit.com/submit?url=https%3A%2F%2Fforums.malwarebytes.com%2Ftopic%2F233470-i-found-strange-app-on-appdataroaming%2F%3Fdo%3DfindComment%26comment%3D1264213&title=I+found+strange+app+on+AppData%2FRoaming
Title:

Search URL Search Domain Scan URL

URL: http://pinterest.com/pin/create/button/?url=https://forums.malwarebytes.com/topic/233470-i-found-strange-app-on-appdataroaming/?do=findComment%26comment=1264213&media=https://content.invisioncic.com/Mmalware/monthly_2020_09/MB_ICON_196x196.png.add66bd0622be5122328978d35ce35c3.png
Title:

Search URL Search Domain Scan URL

URL: https://content.invisioncic.com/Mmalware/monthly_2018_08/Capture.JPG.f1ef17f2f40fdb757c76430fb269544f.JPG

Search URL Search Domain Scan URL

URL: http://twitter.com/share?url=https%3A%2F%2Fforums.malwarebytes.com%2Ftopic%2F233470-i-found-strange-app-on-appdataroaming%2F%3Fdo%3DfindComment%26comment%3D1264671
Title:

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fforums.malwarebytes.com%2Ftopic%2F233470-i-found-strange-app-on-appdataroaming%2F%3Fdo%3DfindComment%26comment%3D1264671
Title:

Search URL Search Domain Scan URL

URL: http://www.reddit.com/submit?url=https%3A%2F%2Fforums.malwarebytes.com%2Ftopic%2F233470-i-found-strange-app-on-appdataroaming%2F%3Fdo%3DfindComment%26comment%3D1264671&title=I+found+strange+app+on+AppData%2FRoaming
Title:

Search URL Search Domain Scan URL

URL: http://pinterest.com/pin/create/button/?url=https://forums.malwarebytes.com/topic/233470-i-found-strange-app-on-appdataroaming/?do=findComment%26comment=1264671&media=https://content.invisioncic.com/Mmalware/monthly_2020_09/MB_ICON_196x196.png.add66bd0622be5122328978d35ce35c3.png
Title:

Search URL Search Domain Scan URL

URL: http://twitter.com/share?url=https%3A%2F%2Fforums.malwarebytes.com%2Ftopic%2F233470-i-found-strange-app-on-appdataroaming%2F%3Fdo%3DfindComment%26comment%3D1264747
Title:

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fforums.malwarebytes.com%2Ftopic%2F233470-i-found-strange-app-on-appdataroaming%2F%3Fdo%3DfindComment%26comment%3D1264747
Title:

Search URL Search Domain Scan URL

URL: http://www.reddit.com/submit?url=https%3A%2F%2Fforums.malwarebytes.com%2Ftopic%2F233470-i-found-strange-app-on-appdataroaming%2F%3Fdo%3DfindComment%26comment%3D1264747&title=I+found+strange+app+on+AppData%2FRoaming
Title:

Search URL Search Domain Scan URL

URL: http://pinterest.com/pin/create/button/?url=https://forums.malwarebytes.com/topic/233470-i-found-strange-app-on-appdataroaming/?do=findComment%26comment=1264747&media=https://content.invisioncic.com/Mmalware/monthly_2020_09/MB_ICON_196x196.png.add66bd0622be5122328978d35ce35c3.png
Title:

Search URL Search Domain Scan URL

URL: http://twitter.com/share?url=https%3A%2F%2Fforums.malwarebytes.com%2Ftopic%2F233470-i-found-strange-app-on-appdataroaming%2F%3Fdo%3DfindComment%26comment%3D1264829
Title:

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fforums.malwarebytes.com%2Ftopic%2F233470-i-found-strange-app-on-appdataroaming%2F%3Fdo%3DfindComment%26comment%3D1264829
Title:

Search URL Search Domain Scan URL

URL: http://www.reddit.com/submit?url=https%3A%2F%2Fforums.malwarebytes.com%2Ftopic%2F233470-i-found-strange-app-on-appdataroaming%2F%3Fdo%3DfindComment%26comment%3D1264829&title=I+found+strange+app+on+AppData%2FRoaming
Title:

Search URL Search Domain Scan URL

URL: http://pinterest.com/pin/create/button/?url=https://forums.malwarebytes.com/topic/233470-i-found-strange-app-on-appdataroaming/?do=findComment%26comment=1264829&media=https://content.invisioncic.com/Mmalware/monthly_2020_09/MB_ICON_196x196.png.add66bd0622be5122328978d35ce35c3.png
Title:

Search URL Search Domain Scan URL

URL: https://twitter.com/malwarebytes

Search URL Search Domain Scan URL

URL: https://www.facebook.com/Malwarebytes/

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/malwarebytes

Search URL Search Domain Scan URL

URL: https://www.youtube.com/user/Malwarebytes

Search URL Search Domain Scan URL

URL: https://www.instagram.com/malwarebytesofficial/

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/legal/privacy-policy
Title: Privacy Policy

Search URL Search Domain Scan URL

URL: https://www.invisioncommunity.com/
Title: Powered by Invision Community

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 40

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2567940&time=1629342040802&url=https%3A%2F%2Fforums.malwarebytes.com%2Ftopic%2F233470-i-found-strange-app-on-appdataroaming%2F HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D2567940%26time%3D1629342040802%26url%3Dhttps%253A%252F%252Fforums.malwarebytes.com%252Ftopic%252F233470-i-found-strange-app-on-appdataroaming%252F%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2567940&time=1629342040802&url=https%3A%2F%2Fforums.malwarebytes.com%2Ftopic%2F233470-i-found-strange-app-on-appdataroaming%2F&liSync=true HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=2567940&time=1629342040802&url=https%3A%2F%2Fforums.malwarebytes.com%2Ftopic%2F233470-i-found-strange-app-on-appdataroaming%2F&liSync=true&e_ipv6=AQK1RzEubzHAqwAAAXtcWoUnoOUdL48LbVgLKdA_R1GWpDVyQnxjTrJ2J-hs9Xp5XL3WBrtJ

Request Chain 49

https://match.prod.bidr.io/cookie-sync/demandbase HTTP 303
https://match.prod.bidr.io/cookie-sync/demandbase?_bee_ppp=1 HTTP 303
https://segments.company-target.com/log?vendor=choca&user_id=AABmhk7CO5MAACBnWu6t-A HTTP 303
https://segments.company-target.com/validateCookie?vendor=choca&user_id=AABmhk7CO5MAACBnWu6t-A&verifyHash=a0959e7f9705bf5cf7de70bc108f416b3cc49034

Request Chain 62

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/380232391/?random=1162368803&cv=9&fst=1629342040903&num=1&label=_XHlCK3XlI0CEMfFp7UB&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa8g0&sendb=1&ig=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fforums.malwarebytes.com%2Ftopic%2F233470-i-found-strange-app-on-appdataroaming%2F&tiba=I%20found%20strange%20app%20on%20AppData%2FRoaming%20-%20Resolved%20Malware%20Removal%20Logs%20-%20Malwarebytes%20Forums&auid=1383955112.1629342040&capi=1&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&ocp_id=WMkdYeekOLH5-gan4J2IBA&sscte=1&crd= HTTP 302
https://www.google.com/pagead/1p-conversion/380232391/?random=1162368803&cv=9&fst=1629342040903&num=1&label=_XHlCK3XlI0CEMfFp7UB&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa8g0&sendb=1&ig=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fforums.malwarebytes.com%2Ftopic%2F233470-i-found-strange-app-on-appdataroaming%2F&tiba=I%20found%20strange%20app%20on%20AppData%2FRoaming%20-%20Resolved%20Malware%20Removal%20Logs%20-%20Malwarebytes%20Forums&auid=1383955112.1629342040&capi=1&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=WMkdYeekOLH5-gan4J2IBA&cid=CAQSKQCNIrLMuSViS6QcMXjiXihaObHOZxx9WVN3EBVNiD5uILLGAFicmKvB&random=2034081029&resp=GooglemKTybQhCsO HTTP 302
https://www.google.de/pagead/1p-conversion/380232391/?random=1162368803&cv=9&fst=1629342040903&num=1&label=_XHlCK3XlI0CEMfFp7UB&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa8g0&sendb=1&ig=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fforums.malwarebytes.com%2Ftopic%2F233470-i-found-strange-app-on-appdataroaming%2F&tiba=I%20found%20strange%20app%20on%20AppData%2FRoaming%20-%20Resolved%20Malware%20Removal%20Logs%20-%20Malwarebytes%20Forums&auid=1383955112.1629342040&capi=1&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=WMkdYeekOLH5-gan4J2IBA&cid=CAQSKQCNIrLMuSViS6QcMXjiXihaObHOZxx9WVN3EBVNiD5uILLGAFicmKvB&random=2034081029&resp=GooglemKTybQhCsO&ipr=y

76 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
forums.malwarebytes.com/topic/233470-i-found-strange-app-on-appdataroaming/ 256 KB
29 KB 544ms
483ms Document
text/html 13.225.78.37
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://forums.malwarebytes.com/topic/233470-i-found-strange-app-on-appdataroaming/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.225.78.37 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-225-78-37.fra2.r.cloudfront.net

Software

Apache /

Resource Hash

494d26e831292dde75c737f238919bc3dd8771662c6035f43a3f958cf031b999

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	0

Request headers

:method: GET
:authority: forums.malwarebytes.com
:scheme: https
:path: /topic/233470-i-found-strange-app-on-appdataroaming/
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-type: text/html;charset=UTF-8
content-length: 28621
date: Thu, 19 Aug 2021 03:00:40 GMT
set-cookie: AWSALB=yUWf+9nkOdWqzSIBX011ADptAuI1dXwCRSjFw2tbiRhRtO9o2zRTpNob+MVEnh9y6SNM/W7lw6JdMs+JAmw2Cn49QtKnrEu9Ik4uNRWgXqo8vbB9wdc+BYyYBoAe; Expires=Thu, 26 Aug 2021 03:00:39 GMT; Path=/ AWSALBCORS=yUWf+9nkOdWqzSIBX011ADptAuI1dXwCRSjFw2tbiRhRtO9o2zRTpNob+MVEnh9y6SNM/W7lw6JdMs+JAmw2Cn49QtKnrEu9Ik4uNRWgXqo8vbB9wdc+BYyYBoAe; Expires=Thu, 26 Aug 2021 03:00:39 GMT; Path=/; SameSite=None ips4_IPSSessionFront=24nsj58q4b2eoka9ndfbbvo52f; path=/; secure; HttpOnly
server: Apache
x-ips-loggedin: 0
content-encoding: gzip
x-xss-protection: 0
x-frame-options: sameorigin
referrer-policy: strict-origin-when-cross-origin
last-modified: Thu, 19 Aug 2021 03:00:40 GMT
expires: Thu, 19 Aug 2021 03:15:40 GMT
cache-control: max-age=900, public, s-maxage=900, stale-while-revalidate, stale-if-error
x-content-type-options: nosniff
vary: Cookie,Accept-Encoding
x-cache: Miss from cloudfront
via: 1.1 1e498d046330e15095a1a2a958463bf5.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C2
x-amz-cf-id: SMtMD9JRZJYtHZs_doS2G0Gq_mYuEB0ZYnh116RZvO-tRwgLB98a7A==

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 302 KB
89 KB 35ms
33ms Script
application/javascript 2a00:1450:4001:808::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-MKSKW3

Requested by

Host: forums.malwarebytes.com
URL: https://forums.malwarebytes.com/topic/233470-i-found-strange-app-on-appdataroaming/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

4dfe78169eeda101ab9eb6be17e1f444587282929990f1d66ad5308bffdfec3e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://forums.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 03:00:40 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 90777
x-xss-protection: 0
expires: Thu, 19 Aug 2021 03:00:40 GMT

GET
H2 200 fontawesome-webfont.woff2
forums.malwarebytes.com/applications/core/interface/font/ 75 KB
76 KB 21ms
18ms Font
application/octet-stream 13.225.78.37
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://forums.malwarebytes.com/applications/core/interface/font/fontawesome-webfont.woff2?v=4.7.0
Requested by: Host: forums.malwarebytes.com
URL: https://forums.malwarebytes.com/topic/233470-i-found-strange-app-on-appdataroaming/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.78.37 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-78-37.fra2.r.cloudfront.net
Software: Apache/2.4.46 (Amazon) OpenSSL/1.0.2k-fips PHP/7.3.21 /
Resource Hash: 2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

Request headers

sec-fetch-mode: cors
origin: https://forums.malwarebytes.com
accept-encoding: gzip, deflate, br
accept-language: en-US
sec-fetch-dest: font
cookie: AWSALB=yUWf+9nkOdWqzSIBX011ADptAuI1dXwCRSjFw2tbiRhRtO9o2zRTpNob+MVEnh9y6SNM/W7lw6JdMs+JAmw2Cn49QtKnrEu9Ik4uNRWgXqo8vbB9wdc+BYyYBoAe; ips4_IPSSessionFront=24nsj58q4b2eoka9ndfbbvo52f
:path: /applications/core/interface/font/fontawesome-webfont.woff2?v=4.7.0
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: */*
cache-control: no-cache
:authority: forums.malwarebytes.com
referer: https://forums.malwarebytes.com/topic/233470-i-found-strange-app-on-appdataroaming/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Origin: https://forums.malwarebytes.com
Referer: https://forums.malwarebytes.com/topic/233470-i-found-strange-app-on-appdataroaming/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 03 Sep 2020 02:50:22 GMT
via: 1.1 1e498d046330e15095a1a2a958463bf5.cloudfront.net (CloudFront)
last-modified: Fri, 28 Aug 2020 15:42:00 GMT
server: Apache/2.4.46 (Amazon) OpenSSL/1.0.2k-fips PHP/7.3.21
age: 30240617
etag: "12d68-5adf1e4bf0200"
x-cache: Hit from cloudfront
cache-control: max-age=31536000, public
x-amz-cf-pop: FRA2-C2
accept-ranges: bytes
content-length: 77160
x-amz-cf-id: PDr-Zsfj1miASsB6osuUe5sa9SP71X2AWIRVnO_yHkzMcgv_bV0wRg==

GET
H2 200 css
fonts.googleapis.com/ 8 KB
789 B 17ms
14ms Stylesheet
text/css 2a00:1450:4001:830::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Inter:300,300i,400,400i,500,700,700i

Requested by

Host: forums.malwarebytes.com
URL: https://forums.malwarebytes.com/topic/233470-i-found-strange-app-on-appdataroaming/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

c4b4c5de41e8a5a6dee442ef83c9ea2ad2d76eeeb07339613f9eccedcb1ca1f0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://forums.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 19 Aug 2021 02:44:46 GMT
server: ESF
date: Thu, 19 Aug 2021 03:00:40 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 19 Aug 2021 03:00:40 GMT

GET
H2 200 341e4a57816af3ba440d891ca87450ff_framework.css.gz
content.invisioncic.com/Mmalware/css_built_28/ 308 KB
56 KB 64ms
12ms Stylesheet
text/css 2600:9000:20eb:c00:1e:ebe7:1480:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://content.invisioncic.com/Mmalware/css_built_28/341e4a57816af3ba440d891ca87450ff_framework.css.gz?v=d815db93211627572978
Requested by: Host: forums.malwarebytes.com
URL: https://forums.malwarebytes.com/topic/233470-i-found-strange-app-on-appdataroaming/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20eb:c00:1e:ebe7:1480:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 074302dc9cfdf8813bdd6fa67dd48a49273a471edd15f192a40fbb869af51d0b

Request headers

Referer: https://forums.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 15:37:38 GMT
content-encoding: gzip
last-modified: Thu, 29 Jul 2021 15:36:24 GMT
server: AmazonS3
age: 1768983
etag: "8a494534cae63d791ebe8288e2494c86"
x-cache: Hit from cloudfront
x-amz-version-id: null
via: 1.1 eb83e7e264681d87a86c9b6a2159e502.cloudfront.net (CloudFront)
cache-control: public, max-age=31536000
x-amz-cf-pop: FRA2-C1
accept-ranges: bytes
content-type: text/css
content-length: 57296
x-amz-cf-id: xHoNA8cqOD0793kGHwrvWCNxB2nnBKy1VZfkXZclxymBCvaRahy82Q==

GET
H2 200 05e81b71abe4f22d6eb8d1a929494829_responsive.css.gz
content.invisioncic.com/Mmalware/css_built_28/ 35 KB
7 KB 64ms
13ms Stylesheet
text/css 2600:9000:20eb:c00:1e:ebe7:1480:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://content.invisioncic.com/Mmalware/css_built_28/05e81b71abe4f22d6eb8d1a929494829_responsive.css.gz?v=d815db93211627572978
Requested by: Host: forums.malwarebytes.com
URL: https://forums.malwarebytes.com/topic/233470-i-found-strange-app-on-appdataroaming/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20eb:c00:1e:ebe7:1480:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 2e592ea8a71afaa0b9fae4c7838c22d89acde0cf142142460d615090127ddd95

Request headers

Referer: https://forums.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 15:37:38 GMT
content-encoding: gzip
last-modified: Thu, 29 Jul 2021 15:36:21 GMT
server: AmazonS3
age: 1768983
etag: "64e5ea3fbe43b82dd8289e9a5f00bb33"
x-cache: Hit from cloudfront
x-amz-version-id: null
via: 1.1 eb83e7e264681d87a86c9b6a2159e502.cloudfront.net (CloudFront)
cache-control: public, max-age=31536000
x-amz-cf-pop: FRA2-C1
accept-ranges: bytes
content-type: text/css
content-length: 6750
x-amz-cf-id: 6EWdBuSksQnLMpeLBTdlNRvrt7oPgGMp8QeV-QPeau3XL_UVEZPPqA==

GET
H2 200 90eb5adf50a8c640f633d47fd7eb1778_core.css.gz
content.invisioncic.com/Mmalware/css_built_28/ 17 KB
5 KB 66ms
15ms Stylesheet
text/css 2600:9000:20eb:c00:1e:ebe7:1480:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://content.invisioncic.com/Mmalware/css_built_28/90eb5adf50a8c640f633d47fd7eb1778_core.css.gz?v=d815db93211627572978
Requested by: Host: forums.malwarebytes.com
URL: https://forums.malwarebytes.com/topic/233470-i-found-strange-app-on-appdataroaming/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20eb:c00:1e:ebe7:1480:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: c16497cc0b2b637adac3749984c0f9444979d059c3f3538762050683f92b3e8d

Request headers

Referer: https://forums.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 15:37:38 GMT
content-encoding: gzip
last-modified: Thu, 29 Jul 2021 15:36:21 GMT
server: AmazonS3
age: 1768983
etag: "832cd7d32058aff159e28d99e3a579dc"
x-cache: Hit from cloudfront
x-amz-version-id: null
via: 1.1 eb83e7e264681d87a86c9b6a2159e502.cloudfront.net (CloudFront)
cache-control: public, max-age=31536000
x-amz-cf-pop: FRA2-C1
accept-ranges: bytes
content-type: text/css
content-length: 4424
x-amz-cf-id: 6wd8KXHYlLmiwPYghzxxCCokuoPyMFeygXMHanjzs_s6B1-ctDB15A==

GET
H2 200 5a0da001ccc2200dc5625c3f3934497d_core_responsive.css.gz
content.invisioncic.com/Mmalware/css_built_28/ 5 KB
2 KB 64ms
13ms Stylesheet
text/css 2600:9000:20eb:c00:1e:ebe7:1480:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://content.invisioncic.com/Mmalware/css_built_28/5a0da001ccc2200dc5625c3f3934497d_core_responsive.css.gz?v=d815db93211627572978
Requested by: Host: forums.malwarebytes.com
URL: https://forums.malwarebytes.com/topic/233470-i-found-strange-app-on-appdataroaming/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20eb:c00:1e:ebe7:1480:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 4e0f39543ae4c15cfe3222f68e358c416dc79cb262c16c8d5b46281a5d850f40

Request headers

Referer: https://forums.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 15:37:38 GMT
content-encoding: gzip
last-modified: Thu, 29 Jul 2021 15:36:21 GMT
server: AmazonS3
age: 1768983
etag: "5c3c523b949cbb61acd0828c69748124"
x-cache: Hit from cloudfront
x-amz-version-id: null
via: 1.1 eb83e7e264681d87a86c9b6a2159e502.cloudfront.net (CloudFront)
cache-control: public, max-age=31536000
x-amz-cf-pop: FRA2-C1
accept-ranges: bytes
content-type: text/css
content-length: 1204
x-amz-cf-id: d53fG8EJ048BQz4QXFpZ7Y-LXjObyne0upyGqT9fu3bVmnNRk12vbQ==

GET
H2 200 62e269ced0fdab7e30e026f1d30ae516_forums.css.gz
content.invisioncic.com/Mmalware/css_built_28/ 16 KB
4 KB 65ms
14ms Stylesheet
text/css 2600:9000:20eb:c00:1e:ebe7:1480:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://content.invisioncic.com/Mmalware/css_built_28/62e269ced0fdab7e30e026f1d30ae516_forums.css.gz?v=d815db93211627572978
Requested by: Host: forums.malwarebytes.com
URL: https://forums.malwarebytes.com/topic/233470-i-found-strange-app-on-appdataroaming/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20eb:c00:1e:ebe7:1480:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 78bb8d518f95a6e93e5dd8ffe6500c4baf43f0b1409b3744e745b5139c886ef2

Request headers

Referer: https://forums.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 15:37:38 GMT
content-encoding: gzip
last-modified: Thu, 29 Jul 2021 15:36:25 GMT
server: AmazonS3
age: 1768983
etag: "9cc384d35dd8c466fca0e7722ee46e73"
x-cache: Hit from cloudfront
x-amz-version-id: null
via: 1.1 eb83e7e264681d87a86c9b6a2159e502.cloudfront.net (CloudFront)
cache-control: public, max-age=31536000
x-amz-cf-pop: FRA2-C1
accept-ranges: bytes
content-type: text/css
content-length: 3783
x-amz-cf-id: 8ScScSmfzcpyuhjxq6M-ZqZ6GDWQAca4H8ee9G2PtieSajNzS59eeg==

GET
H2 200 76e62c573090645fb99a15a363d8620e_forums_responsive.css.gz
content.invisioncic.com/Mmalware/css_built_28/ 7 KB
2 KB 80ms
29ms Stylesheet
text/css 2600:9000:20eb:c00:1e:ebe7:1480:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://content.invisioncic.com/Mmalware/css_built_28/76e62c573090645fb99a15a363d8620e_forums_responsive.css.gz?v=d815db93211627572978
Requested by: Host: forums.malwarebytes.com
URL: https://forums.malwarebytes.com/topic/233470-i-found-strange-app-on-appdataroaming/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20eb:c00:1e:ebe7:1480:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 07fbbfd8f908b547a39cbb53d85c204d4668ac45979862d8ca49892085669dea

Request headers

Referer: https://forums.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 15:37:38 GMT
content-encoding: gzip
last-modified: Thu, 29 Jul 2021 15:36:24 GMT
server: AmazonS3
age: 1768983
etag: "fd6252f9621681a87b55e87c32a1c96d"
x-cache: Hit from cloudfront
x-amz-version-id: null
via: 1.1 eb83e7e264681d87a86c9b6a2159e502.cloudfront.net (CloudFront)
cache-control: public, max-age=31536000
x-amz-cf-pop: FRA2-C1
accept-ranges: bytes
content-type: text/css
content-length: 1435
x-amz-cf-id: 0Q_mqaTGQAA0yq1aBcJKARyKgiFX4maZf2JRlXJo1anHNzD8F01NxQ==

GET
H2 200 ebdea0c6a7dab6d37900b9190d3ac77b_topics.css.gz
content.invisioncic.com/Mmalware/css_built_28/ 3 KB
1 KB 80ms
30ms Stylesheet
text/css 2600:9000:20eb:c00:1e:ebe7:1480:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://content.invisioncic.com/Mmalware/css_built_28/ebdea0c6a7dab6d37900b9190d3ac77b_topics.css.gz?v=d815db93211627572978
Requested by: Host: forums.malwarebytes.com
URL: https://forums.malwarebytes.com/topic/233470-i-found-strange-app-on-appdataroaming/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20eb:c00:1e:ebe7:1480:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 9bde20f23db841b077e3392fb8fbaac4c6fe1392bfd7b8f0947e3ee32f41f6d0

Request headers

Referer: https://forums.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 15:37:38 GMT
content-encoding: gzip
last-modified: Thu, 29 Jul 2021 15:36:27 GMT
server: AmazonS3
age: 1768983
etag: "179f44143d9f001cfe0953cddb82c253"
x-cache: Hit from cloudfront
x-amz-version-id: null
via: 1.1 eb83e7e264681d87a86c9b6a2159e502.cloudfront.net (CloudFront)
cache-control: public, max-age=31536000
x-amz-cf-pop: FRA2-C1
accept-ranges: bytes
content-type: text/css
content-length: 927
x-amz-cf-id: uJFQQrnf8rT4G6wPKbdfr5Khsrf9cV26yTrdgIrHJiPiSXaQl21EtQ==

GET
H2 200 258adbb6e4f3e83cd3b355f84e3fa002_custom.css.gz
content.invisioncic.com/Mmalware/css_built_28/ 921 B
836 B 78ms
29ms Stylesheet
text/css 2600:9000:20eb:c00:1e:ebe7:1480:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://content.invisioncic.com/Mmalware/css_built_28/258adbb6e4f3e83cd3b355f84e3fa002_custom.css.gz?v=d815db93211627572978
Requested by: Host: forums.malwarebytes.com
URL: https://forums.malwarebytes.com/topic/233470-i-found-strange-app-on-appdataroaming/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20eb:c00:1e:ebe7:1480:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 0e36308a13aa06d085ad95ecf45f9dfa5352f683f6fb03c27fc35887bcf6f678

Request headers

Referer: https://forums.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 15:37:38 GMT
content-encoding: gzip
last-modified: Thu, 29 Jul 2021 15:36:28 GMT
server: AmazonS3
age: 1768983
etag: "888870628c8044a41eb685cab13f6d18"
x-cache: Hit from cloudfront
x-amz-version-id: null
via: 1.1 eb83e7e264681d87a86c9b6a2159e502.cloudfront.net (CloudFront)
cache-control: public, max-age=31536000
x-amz-cf-pop: FRA2-C1
accept-ranges: bytes
content-type: text/css
content-length: 453
x-amz-cf-id: BQnYh1yqRXRZK9X4-rey-2BeSm40DI1a05eBtxTwGvnMllE2acVC_w==

GET
H2 200 virus.JPG.99ed2036a66b7cd71fc02aee16feff5a.JPG
content.invisioncic.com/Mmalware/monthly_2018_07/ 80 KB
80 KB 49ms
46ms Image
image/jpeg 2600:9000:20eb:c00:1e:ebe7:1480:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://content.invisioncic.com/Mmalware/monthly_2018_07/virus.JPG.99ed2036a66b7cd71fc02aee16feff5a.JPG
Requested by: Host: forums.malwarebytes.com
URL: https://forums.malwarebytes.com/topic/233470-i-found-strange-app-on-appdataroaming/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20eb:c00:1e:ebe7:1480:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 37f6a6e8087658986a7cbe38c1e127643326c4fabf1480b592bd9b51d97810da

Request headers

Referer: https://forums.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 10 Aug 2021 06:22:16 GMT
via: 1.1 eb83e7e264681d87a86c9b6a2159e502.cloudfront.net (CloudFront)
last-modified: Sun, 22 Jul 2018 13:20:42 GMT
server: AmazonS3
age: 765505
etag: "8d8e8060248d0e873ff2580196057238"
x-cache: Hit from cloudfront
x-amz-version-id: null
cache-control: public, max-age=31536000
x-amz-cf-pop: FRA2-C1
accept-ranges: bytes
content-type: image/jpeg
content-length: 81820
x-amz-cf-id: 4SEJ6SQ2JSaW9xyZN69JQmeWng8qqNxIzAwtPjJQS_HO57lKEeFfUQ==

GET
H2 200 virus1.JPG.488f405218933392246e7fc0354949d5.JPG
content.invisioncic.com/Mmalware/monthly_2018_07/ 11 KB
12 KB 430ms
427ms Image
image/jpeg 2600:9000:20eb:c00:1e:ebe7:1480:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://content.invisioncic.com/Mmalware/monthly_2018_07/virus1.JPG.488f405218933392246e7fc0354949d5.JPG
Requested by: Host: forums.malwarebytes.com
URL: https://forums.malwarebytes.com/topic/233470-i-found-strange-app-on-appdataroaming/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20eb:c00:1e:ebe7:1480:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: cffa66a3266b7f876d47c7ce6ab05a6f0cad6b0583b723262597772e04b2ce3f

Request headers

Referer: https://forums.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 03:00:41 GMT
via: 1.1 eb83e7e264681d87a86c9b6a2159e502.cloudfront.net (CloudFront)
last-modified: Sun, 22 Jul 2018 13:26:21 GMT
server: AmazonS3
x-amz-cf-pop: FRA2-C1
etag: "1f09a0569b9be221a8f86ca50e8ffea8"
x-cache: Miss from cloudfront
x-amz-version-id: null
cache-control: public, max-age=31536000
accept-ranges: bytes
content-type: image/jpeg
content-length: 11435
x-amz-cf-id: JqtLQYmnHMNjaF45MHNuMv4oxuAPz8LKLUA5409RU_aIekqiTLIP-g==

GET
H2 200 MWB4_FreeDownload_728x90_v1.jpg.b80b620cce83ef5649ae4740e701210c.jpg
content.invisioncic.com/Mmalware/monthly_2020_08/ 16 KB
16 KB 50ms
47ms Image
image/jpeg 2600:9000:20eb:c00:1e:ebe7:1480:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://content.invisioncic.com/Mmalware/monthly_2020_08/MWB4_FreeDownload_728x90_v1.jpg.b80b620cce83ef5649ae4740e701210c.jpg
Requested by: Host: forums.malwarebytes.com
URL: https://forums.malwarebytes.com/topic/233470-i-found-strange-app-on-appdataroaming/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20eb:c00:1e:ebe7:1480:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 73c6d9bea582fd9ea44e6f647006f9ef8b4af0c15199ff20bd524186913eb9e2

Request headers

Referer: https://forums.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 17 Jul 2021 01:05:03 GMT
via: 1.1 eb83e7e264681d87a86c9b6a2159e502.cloudfront.net (CloudFront)
last-modified: Tue, 25 Aug 2020 00:38:45 GMT
server: AmazonS3
age: 2858138
etag: "f0356d9351192b59bc7db4b160684b81"
x-cache: Hit from cloudfront
x-amz-version-id: gZw59MumHC3jdRWKPrDF1l.WFGbejRR2
cache-control: public, max-age=31536000
x-amz-cf-pop: FRA2-C1
accept-ranges: bytes
content-type: image/jpeg
content-length: 16292
x-amz-cf-id: l4XEnBARzCF7KlMruigIZre_L694dG-ZIZl6M5Cqt-LJlHrElA4mFQ==

GET
DATA 200
OK truncated
/ 283 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: be5fb7b18d38d2f7d45e58a9130c8f179fbca95035c526cb984415219f45d0b1

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 283 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 84925038dd75196a324b3a9935a6b11a0311ca9c0c594eda0bf8fc40e169e525

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 attachlogs.png.69bf3011b4613b964599b0a9c5b5d1fb.png
content.invisioncic.com/Mmalware/imageproxy/ 16 KB
16 KB 45ms
42ms Image
image/png 2600:9000:20eb:c00:1e:ebe7:1480:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://content.invisioncic.com/Mmalware/imageproxy/attachlogs.png.69bf3011b4613b964599b0a9c5b5d1fb.png
Requested by: Host: forums.malwarebytes.com
URL: https://forums.malwarebytes.com/topic/233470-i-found-strange-app-on-appdataroaming/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20eb:c00:1e:ebe7:1480:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 6e602d17e51b21001f3cbe4886c7902037eaa5b24e4271f8023a7cb39033a583

Request headers

Referer: https://forums.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 11 Feb 2021 08:20:58 GMT
via: 1.1 eb83e7e264681d87a86c9b6a2159e502.cloudfront.net (CloudFront)
last-modified: Fri, 25 Oct 2019 03:44:40 GMT
server: AmazonS3
age: 16310383
etag: "d096ddda2383f6025df7e5e4e3e78d34"
x-cache: Hit from cloudfront
x-amz-version-id: null
cache-control: public, max-age=31536000
x-amz-cf-pop: FRA2-C1
accept-ranges: bytes
content-type: image/png
content-length: 15900
x-amz-cf-id: _1biocC4n5BhRTndplmI-HFxlOXZbNtcWY0OL_4meH-rAYlT_cbWkw==

GET
H2 200 455389808_MWBStaffLogoShort.png.471513c6a13f05393350352f7bc42e55.png
content.invisioncic.com/Mmalware/monthly_2020_11/ 3 KB
3 KB 44ms
41ms Image
image/png 2600:9000:20eb:c00:1e:ebe7:1480:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://content.invisioncic.com/Mmalware/monthly_2020_11/455389808_MWBStaffLogoShort.png.471513c6a13f05393350352f7bc42e55.png
Requested by: Host: forums.malwarebytes.com
URL: https://forums.malwarebytes.com/topic/233470-i-found-strange-app-on-appdataroaming/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20eb:c00:1e:ebe7:1480:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 24c13cdea638620ec96bc3b7ba1bdef0cbe3ad0847b2ddc6f041df1fa24cffa4

Request headers

Referer: https://forums.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Jul 2021 05:51:19 GMT
via: 1.1 eb83e7e264681d87a86c9b6a2159e502.cloudfront.net (CloudFront)
last-modified: Fri, 06 Nov 2020 22:28:19 GMT
server: AmazonS3
age: 1976962
etag: "840107c60632e151d3d4ed52457243db"
x-cache: Hit from cloudfront
x-amz-version-id: g54XEf4skAMSD4MV29N7aPk8wAUfSLu7
cache-control: public, max-age=31536000
x-amz-cf-pop: FRA2-C1
accept-ranges: bytes
content-type: image/png
content-length: 2919
x-amz-cf-id: sLwi5uErpBNdpzpLVy_xeK_nfMkwD8ehNb43VgIm_trZOkGSFs-N8Q==

GET
H2 200 1982337953_MWBStaffLogoShort.png.445586589cb72bdf606d8919922c5aaa.png
content.invisioncic.com/Mmalware/monthly_2020_10/ 3 KB
3 KB 47ms
45ms Image
image/png 2600:9000:20eb:c00:1e:ebe7:1480:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://content.invisioncic.com/Mmalware/monthly_2020_10/1982337953_MWBStaffLogoShort.png.445586589cb72bdf606d8919922c5aaa.png
Requested by: Host: forums.malwarebytes.com
URL: https://forums.malwarebytes.com/topic/233470-i-found-strange-app-on-appdataroaming/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20eb:c00:1e:ebe7:1480:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 24c13cdea638620ec96bc3b7ba1bdef0cbe3ad0847b2ddc6f041df1fa24cffa4

Request headers

Referer: https://forums.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 11 Jun 2021 16:44:16 GMT
via: 1.1 eb83e7e264681d87a86c9b6a2159e502.cloudfront.net (CloudFront)
last-modified: Mon, 05 Oct 2020 19:11:05 GMT
server: AmazonS3
age: 5912185
etag: "840107c60632e151d3d4ed52457243db"
x-cache: Hit from cloudfront
x-amz-version-id: j_nFKz7AMmtZn1xq0ZTEOPc.48yhsFTn
cache-control: public, max-age=31536000
x-amz-cf-pop: FRA2-C1
accept-ranges: bytes
content-type: image/png
content-length: 2919
x-amz-cf-id: DtRxdejIrvLXnjfC351Ew6LCYs9tNwEERNdHwUCW3OpibsDXns_luA==

GET
H2 200 Capture.thumb.JPG.9b69c7edc1fef3ad874db75fb9340e1f.JPG
content.invisioncic.com/Mmalware/monthly_2018_08/ 58 KB
58 KB 48ms
45ms Image
image/jpeg 2600:9000:20eb:c00:1e:ebe7:1480:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://content.invisioncic.com/Mmalware/monthly_2018_08/Capture.thumb.JPG.9b69c7edc1fef3ad874db75fb9340e1f.JPG
Requested by: Host: forums.malwarebytes.com
URL: https://forums.malwarebytes.com/topic/233470-i-found-strange-app-on-appdataroaming/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20eb:c00:1e:ebe7:1480:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: c556c02edfc745804214d4142c3b7b48d19f73fe2ebc66b63afbfb9f4f53c95c

Request headers

Referer: https://forums.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 10 Aug 2021 06:22:18 GMT
via: 1.1 eb83e7e264681d87a86c9b6a2159e502.cloudfront.net (CloudFront)
last-modified: Tue, 21 Aug 2018 06:20:21 GMT
server: AmazonS3
age: 765503
etag: "0ca80662ae69bb767c08e6d2b1d7e35b"
x-cache: Hit from cloudfront
x-amz-version-id: null
cache-control: public, max-age=31536000
x-amz-cf-pop: FRA2-C1
accept-ranges: bytes
content-type: image/jpeg
content-length: 59000
x-amz-cf-id: 9GcATp6GBuTkGOGrQttE3na1lgBjoNgpzUXJ4UsUGeceoIgnDO0_OA==

GET
H2 403 default_smile.png
content.invisioncic.com/Mmalware/emoticons/ 0
0 401ms
398ms Image
application/xml 2600:9000:20eb:c00:1e:ebe7:1480:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://content.invisioncic.com/Mmalware/emoticons/default_smile.png
Requested by: Host: forums.malwarebytes.com
URL: https://forums.malwarebytes.com/topic/233470-i-found-strange-app-on-appdataroaming/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20eb:c00:1e:ebe7:1480:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://forums.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 200 MWB4_FreeDownload_728x90_v1.jpg.5b008278530bf816655dbb1ec796173c.jpg
content.invisioncic.com/Mmalware/monthly_2020_08/ 16 KB
16 KB 47ms
44ms Image
image/jpeg 2600:9000:20eb:c00:1e:ebe7:1480:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://content.invisioncic.com/Mmalware/monthly_2020_08/MWB4_FreeDownload_728x90_v1.jpg.5b008278530bf816655dbb1ec796173c.jpg
Requested by: Host: forums.malwarebytes.com
URL: https://forums.malwarebytes.com/topic/233470-i-found-strange-app-on-appdataroaming/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20eb:c00:1e:ebe7:1480:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 73c6d9bea582fd9ea44e6f647006f9ef8b4af0c15199ff20bd524186913eb9e2

Request headers

Referer: https://forums.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 01 Aug 2021 10:59:13 GMT
via: 1.1 eb83e7e264681d87a86c9b6a2159e502.cloudfront.net (CloudFront)
last-modified: Tue, 25 Aug 2020 00:41:21 GMT
server: AmazonS3
age: 1526487
etag: "f0356d9351192b59bc7db4b160684b81"
x-cache: Hit from cloudfront
x-amz-version-id: MNnZHAJMYhDJUF.vMbK1qXLuHRyyzGm1
cache-control: public, max-age=31536000
x-amz-cf-pop: FRA2-C1
accept-ranges: bytes
content-type: image/jpeg
content-length: 16292
x-amz-cf-id: MihBs0L6s89w9pNTssyJkO_VudEKVnkrNJBEXlrYWtFauS3YKxWO4Q==

GET
H2 200 root_library.js.gz Show response
content.invisioncic.com/Mmalware/javascript_global/ 389 KB
129 KB 16ms
13ms Script
text/javascript 2600:9000:20eb:c00:1e:ebe7:1480:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://content.invisioncic.com/Mmalware/javascript_global/root_library.js.gz?v=d815db93211629274895
Requested by: Host: forums.malwarebytes.com
URL: https://forums.malwarebytes.com/topic/233470-i-found-strange-app-on-appdataroaming/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20eb:c00:1e:ebe7:1480:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 031997d2a8c38787ba9043e2cd8bc08b152e316f01521d658daef96e579ea1ef

Request headers

Referer: https://forums.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 08:21:47 GMT
content-encoding: gzip
last-modified: Tue, 17 Aug 2021 16:15:32 GMT
server: AmazonS3
age: 67134
etag: "756a67251283e5dabc18ce69ca6d7835"
x-cache: Hit from cloudfront
x-amz-version-id: null
via: 1.1 eb83e7e264681d87a86c9b6a2159e502.cloudfront.net (CloudFront)
cache-control: public, max-age=31536000
x-amz-cf-pop: FRA2-C1
accept-ranges: bytes
content-type: text/javascript
content-length: 131263
x-amz-cf-id: F3V9MeJIeKwgtlqVf5y_lev13jr9xAvc2D9L1m6hO5LrNL8VjORrMg==

GET
H2 200 root_js_lang_1.js.gz Show response
content.invisioncic.com/Mmalware/javascript_global/ 98 KB
31 KB 16ms
13ms Script
text/javascript 2600:9000:20eb:c00:1e:ebe7:1480:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://content.invisioncic.com/Mmalware/javascript_global/root_js_lang_1.js.gz?v=d815db93211629274895
Requested by: Host: forums.malwarebytes.com
URL: https://forums.malwarebytes.com/topic/233470-i-found-strange-app-on-appdataroaming/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20eb:c00:1e:ebe7:1480:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 47f71f0f9543e0a934348230e31499c4f9a715b2a4caa8d39999f537a0c9c1eb

Request headers

Referer: https://forums.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 08:21:47 GMT
content-encoding: gzip
last-modified: Tue, 17 Aug 2021 16:15:41 GMT
server: AmazonS3
age: 67134
etag: "dd2199381cc51a84c96c5fbc83a839fc"
x-cache: Hit from cloudfront
x-amz-version-id: null
via: 1.1 eb83e7e264681d87a86c9b6a2159e502.cloudfront.net (CloudFront)
cache-control: public, max-age=31536000
x-amz-cf-pop: FRA2-C1
accept-ranges: bytes
content-type: text/javascript
content-length: 31300
x-amz-cf-id: NMVsiYCh_pkaqjOFucPw-bzokiixONFQx7t57Diu6WLcGP0FMc-aAw==

GET
H2 200 root_framework.js.gz Show response
content.invisioncic.com/Mmalware/javascript_global/ 419 KB
96 KB 16ms
13ms Script
text/javascript 2600:9000:20eb:c00:1e:ebe7:1480:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://content.invisioncic.com/Mmalware/javascript_global/root_framework.js.gz?v=d815db93211629274895
Requested by: Host: forums.malwarebytes.com
URL: https://forums.malwarebytes.com/topic/233470-i-found-strange-app-on-appdataroaming/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20eb:c00:1e:ebe7:1480:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 41feaea7471c5fb7e013494a9a35b736b51a27d962b70b19960718d445f2d46f

Request headers

Referer: https://forums.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 08:21:47 GMT
content-encoding: gzip
last-modified: Tue, 17 Aug 2021 16:15:36 GMT
server: AmazonS3
age: 67134
etag: "6af629e4ca993334a55ee846a95bc50a"
x-cache: Hit from cloudfront
x-amz-version-id: null
via: 1.1 eb83e7e264681d87a86c9b6a2159e502.cloudfront.net (CloudFront)
cache-control: public, max-age=31536000
x-amz-cf-pop: FRA2-C1
accept-ranges: bytes
content-type: text/javascript
content-length: 97997
x-amz-cf-id: 33Fx-flkTuK3XqQ9GxAQ6kPrhwqvqtlhusAJXCUFeIHFvBrNHvUgrA==

GET
H2 200 global_global_core.js.gz Show response
content.invisioncic.com/Mmalware/javascript_core/ 36 KB
9 KB 19ms
16ms Script
text/javascript 2600:9000:20eb:c00:1e:ebe7:1480:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://content.invisioncic.com/Mmalware/javascript_core/global_global_core.js.gz?v=d815db93211629274895
Requested by: Host: forums.malwarebytes.com
URL: https://forums.malwarebytes.com/topic/233470-i-found-strange-app-on-appdataroaming/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20eb:c00:1e:ebe7:1480:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 2d1b49f0a3328a292b3b0c88071fab2dce7ade8468feb84712dc333b96b387b3

Request headers

Referer: https://forums.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 08:21:47 GMT
content-encoding: gzip
last-modified: Tue, 17 Aug 2021 16:15:36 GMT
server: AmazonS3
age: 67134
etag: "f812cca66f659d32e4150f7db210ce57"
x-cache: Hit from cloudfront
x-amz-version-id: null
via: 1.1 eb83e7e264681d87a86c9b6a2159e502.cloudfront.net (CloudFront)
cache-control: public, max-age=31536000
x-amz-cf-pop: FRA2-C1
accept-ranges: bytes
content-type: text/javascript
content-length: 8525
x-amz-cf-id: 7ETNwyICukfZOFtDYAY80CcCHIzUg8xFzbyqEHBpuJem1T-yzLKWPw==

GET
H2 200 root_front.js.gz Show response
content.invisioncic.com/Mmalware/javascript_global/ 102 KB
22 KB 20ms
17ms Script
text/javascript 2600:9000:20eb:c00:1e:ebe7:1480:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://content.invisioncic.com/Mmalware/javascript_global/root_front.js.gz?v=d815db93211629274895
Requested by: Host: forums.malwarebytes.com
URL: https://forums.malwarebytes.com/topic/233470-i-found-strange-app-on-appdataroaming/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20eb:c00:1e:ebe7:1480:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 3cd48ec34aa0f52eb6bf77a2b9f45e91294ef7c9efa4820fe94fbed6bbf6345e

Request headers

Referer: https://forums.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 08:21:47 GMT
content-encoding: gzip
last-modified: Tue, 17 Aug 2021 16:15:30 GMT
server: AmazonS3
age: 67134
etag: "bde6bba1fa71799e3cd5289d2d1216d7"
x-cache: Hit from cloudfront
x-amz-version-id: null
via: 1.1 eb83e7e264681d87a86c9b6a2159e502.cloudfront.net (CloudFront)
cache-control: public, max-age=31536000
x-amz-cf-pop: FRA2-C1
accept-ranges: bytes
content-type: text/javascript
content-length: 22556
x-amz-cf-id: Bh1wqYJ3wth3iw1pzsFHKQ0uUqqTRl9sSiS4F-55nZIGVD2jAS9ELw==

GET
H2 200 front_front_core.js.gz Show response
content.invisioncic.com/Mmalware/javascript_core/ 28 KB
7 KB 21ms
17ms Script
text/javascript 2600:9000:20eb:c00:1e:ebe7:1480:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://content.invisioncic.com/Mmalware/javascript_core/front_front_core.js.gz?v=d815db93211629274895
Requested by: Host: forums.malwarebytes.com
URL: https://forums.malwarebytes.com/topic/233470-i-found-strange-app-on-appdataroaming/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20eb:c00:1e:ebe7:1480:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 2ac7d57386129e93d47308f8ca1613ef1d6a50187c67124e7960ea8e1c2b24f9

Request headers

Referer: https://forums.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 08:21:47 GMT
content-encoding: gzip
last-modified: Tue, 17 Aug 2021 16:15:33 GMT
server: AmazonS3
age: 67134
etag: "3bf8b51ccfe66fe53775ef5dca87c0b1"
x-cache: Hit from cloudfront
x-amz-version-id: null
via: 1.1 eb83e7e264681d87a86c9b6a2159e502.cloudfront.net (CloudFront)
cache-control: public, max-age=31536000
x-amz-cf-pop: FRA2-C1
accept-ranges: bytes
content-type: text/javascript
content-length: 6608
x-amz-cf-id: xaxFVjVrTUexZDcHBWeZQYyz5WYJdJvABluPHQWlQEUL6HHhfYD0yw==

GET
H2 200 front_front_topic.js.gz Show response
content.invisioncic.com/Mmalware/javascript_forums/ 4 KB
1 KB 24ms
21ms Script
text/javascript 2600:9000:20eb:c00:1e:ebe7:1480:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://content.invisioncic.com/Mmalware/javascript_forums/front_front_topic.js.gz?v=d815db93211629274895
Requested by: Host: forums.malwarebytes.com
URL: https://forums.malwarebytes.com/topic/233470-i-found-strange-app-on-appdataroaming/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20eb:c00:1e:ebe7:1480:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 1e353dd6f81b838bbc322417e995c5812bb61c1c891a31725da0acd0185efeaf

Request headers

Referer: https://forums.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 08:21:47 GMT
content-encoding: gzip
last-modified: Tue, 17 Aug 2021 16:15:34 GMT
server: AmazonS3
age: 67134
etag: "994ac7e21afa71d446009d37cb840ae7"
x-cache: Hit from cloudfront
x-amz-version-id: null
via: 1.1 eb83e7e264681d87a86c9b6a2159e502.cloudfront.net (CloudFront)
cache-control: public, max-age=31536000
x-amz-cf-pop: FRA2-C1
accept-ranges: bytes
content-type: text/javascript
content-length: 1108
x-amz-cf-id: JeoO_q9Oseoz05IC-QdfWKBAkb0NcR4TsSpjL3Pl87W5tRfP1khzSw==

GET
H2 200 root_map.js.gz Show response
content.invisioncic.com/Mmalware/javascript_global/ 1 KB
660 B 24ms
21ms Script
text/javascript 2600:9000:20eb:c00:1e:ebe7:1480:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://content.invisioncic.com/Mmalware/javascript_global/root_map.js.gz?v=d815db93211629274895
Requested by: Host: forums.malwarebytes.com
URL: https://forums.malwarebytes.com/topic/233470-i-found-strange-app-on-appdataroaming/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20eb:c00:1e:ebe7:1480:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 5a09059eb37152166fcee0ed7ef9d45852cb5d6ce2af193a211770b3d46645dd

Request headers

Referer: https://forums.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 08:21:47 GMT
content-encoding: gzip
last-modified: Wed, 18 Aug 2021 08:21:36 GMT
server: AmazonS3
age: 67134
etag: "ec63405328388e4714f39c8581d580c3"
x-cache: Hit from cloudfront
x-amz-version-id: null
via: 1.1 eb83e7e264681d87a86c9b6a2159e502.cloudfront.net (CloudFront)
cache-control: public, max-age=31536000
x-amz-cf-pop: FRA2-C1
accept-ranges: bytes
content-type: text/javascript
content-length: 275
x-amz-cf-id: T2Jin-FwQkf7BH8jWDcfC_oFHEsDh_0DJ6CA0jL75FzBo07jaqFQOg==

GET
H/1.1 200
OK insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 5 KB
2 KB 9ms
8ms Script
application/x-javascript 2a02:26f0:6c00:2b0::25ea
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MKSKW3
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:2b0::25ea Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: fed785a6a8ca96fb67230fec5d85f9c508db49f4075aa0ef284af56cd89813e3

Request headers

Referer: https://forums.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 19 Aug 2021 03:00:40 GMT
Content-Encoding: gzip
Last-Modified: Fri, 13 Aug 2021 21:34:05 GMT
X-CDN: AKAM
Vary: Accept-Encoding
Content-Type: application/x-javascript;charset=utf-8
Cache-Control: max-age=30675
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2036

GET
H2 200 bat.js Show response
bat.bing.com/ 30 KB
9 KB 32ms
31ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://bat.bing.com/bat.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MKSKW3
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 5c1282fb121104f5a505ecbfd7194e64c98db6b830684450dcfc478021d05257

Request headers

Referer: https://forums.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 03:00:39 GMT
content-encoding: gzip
last-modified: Wed, 28 Jul 2021 18:27:37 GMT
x-msedge-ref: Ref A: 64FFC6A3FBAC456FBEEAF078E4F89166 Ref B: FRAEDGE1421 Ref C: 2021-08-19T03:00:40Z
etag: "80f2963dde83d71:0"
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript
access-control-allow-origin: *
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 9024

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 48 KB
19 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MKSKW3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

e61660c659c426e45bce2937dddb01af6b550502a2904546575c1ec2ba1121dd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://forums.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 13 Jul 2021 18:24:06 GMT
server: Golfe2
age: 6419
date: Thu, 19 Aug 2021 01:13:41 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19672
expires: Thu, 19 Aug 2021 03:13:41 GMT

GET
H2 200 ytc.js Show response
s.yimg.com/wi/ 15 KB
6 KB 29ms
6ms Script
application/javascript 2a00:1288:80:800::7000
YAHOO-DEB

General

Check archive.org

Show headers Download Go to

Full URL

https://s.yimg.com/wi/ytc.js

Requested by

Host: forums.malwarebytes.com
URL: https://forums.malwarebytes.com/topic/233470-i-found-strange-app-on-appdataroaming/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1288:80:800::7000 Frankfurt am Main, Germany, ASN203220 (YAHOO-DEB, GB),

Reverse DNS

Software

ATS /

Resource Hash

b9e6c38b3493790e6525ba6715ad839211cab5db3ddc80c7f70f20f92679fee6

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://forums.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

ats-carp-promotion: 1
date: Thu, 19 Aug 2021 02:57:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 170
x-amz-server-side-encryption: AES256
vary: Origin, Accept-Encoding
content-length: 5639
x-amz-id-2: WE7ad2W+fCCDupbSGFBEAgg9ymnfkDayO9bEHWmzrYb6q+B0FOMTioc75dGWO/K4HURa2BUbSgI=
referrer-policy: no-referrer-when-downgrade
x-amz-expiration: expiry-date="Sat, 02 Jul 2022 00:00:00 GMT", rule-id="oath-standard-lifecycle"
last-modified: Thu, 27 May 2021 13:00:20 GMT
server: ATS
etag: "6de43f1c725d89777edaa2bc5d679ecb-df"
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=15552000
x-amz-request-id: YA26CD3D43RDMV5E
x-xss-protection: 1; mode=block
cache-control: public,max-age=3600
x-amz-version-id: Bv0RNzsjZsSn6kGrZjdvdggYqc20u__d
accept-ranges: bytes
content-type: application/javascript

GET
H2 200 HWyTnY16.min.js Show response
scripts.demandbase.com/ 60 KB
16 KB 157ms
37ms Script
application/javascript 13.224.96.5
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://scripts.demandbase.com/HWyTnY16.min.js
Requested by: Host: forums.malwarebytes.com
URL: https://forums.malwarebytes.com/topic/233470-i-found-strange-app-on-appdataroaming/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.96.5 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-96-5.zrh50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 16f961e4eedc84409f706d7043ec879d9a7783c6f317640b0d97a73e98e9e8ea

Request headers

Referer: https://forums.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: IE5IzYwU4gx7oNbzFWwbL4ZS6nSJjwBv
content-encoding: gzip
last-modified: Tue, 08 Dec 2020 23:24:47 GMT
server: AmazonS3
age: 2272
etag: W/"c890c8c9866d4d0ee9b287e7db203091"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=utf-8
via: 1.1 048a65288aba3f3565a971a2e44151be.cloudfront.net (CloudFront)
cache-control: public, max-age=3600
date: Thu, 19 Aug 2021 02:23:05 GMT
x-amz-cf-pop: ZRH50-C1
x-amz-cf-id: wByJNjST95JU7RpgOHVNhXSUhoR8VWi3-BefS79qjmIi2D7p3gcRrQ==

GET
H2 200 web-vitals.umd.js Show response
unpkg.com/web-vitals@1.1.0/dist/ 4 KB
2 KB 17ms
16ms Script
application/javascript 2606:4700::6810:7eaf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://unpkg.com/web-vitals@1.1.0/dist/web-vitals.umd.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MKSKW3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7eaf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

22f39a41a30342a5c51d150be48c4726245655a560d154af893337d1ae953f62

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://forums.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 03:00:40 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 12894906
vary: Accept-Encoding
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
server: cloudflare
etag: W/"1060-9qPq4bqeRCeFWudNuS98Bp0PQDY"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-cloud-trace-context: e9412a941d9e2178046a5378c46b42d2
cache-control: public, max-age=31536000
cf-ray: 68102207af10433f-FRA

GET
H3-29 200 js Show response
www.googletagmanager.com/gtag/ 96 KB
38 KB 30ms
25ms Script
application/javascript 2a00:1450:4001:828::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-380232391

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MKSKW3

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

f17a6a9f24811afea8e28b2df542b0b237c839fa00df43e87af28d5bd4fe2fd4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://forums.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 03:00:40 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 39100
x-xss-protection: 0
expires: Thu, 19 Aug 2021 03:00:40 GMT

GET
H2 200 UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2
fonts.gstatic.com/s/inter/v3/ 36 KB
36 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:811::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/inter/v3/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Inter:300,300i,400,400i,500,700,700i

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6789b1579e3915acc50ce2f56d956c05dc3186238eb4d1a0d4ad1e403a625ac

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://forums.malwarebytes.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Aug 2021 01:25:24 GMT
x-content-type-options: nosniff
age: 178516
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37056
x-xss-protection: 0
last-modified: Thu, 28 Jan 2021 22:48:53 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 17 Aug 2022 01:25:24 GMT

GET
H2 200 core.js Show response
s.pinimg.com/ct/ 1 KB
832 B 118ms
100ms Script
application/javascript 2a02:26f0:6c00:28b::1931
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://s.pinimg.com/ct/core.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MKSKW3
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:28b::1931 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: ce23bdc14eb22eecad91cef112ea740ebd6928a8cdef11362d1d5b25320bd5d4

Request headers

Referer: https://forums.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-encoding: gzip
x-cdn: akamai
etag: "d281f5ef4add283680ff41edc6dd28c4"
vary: Accept-Encoding, Origin
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: max-age=7200
x-fallback: 3972cb3c-2.16.186.206
accept-ranges: bytes
content-length: 584
access-control-expose-headers: X-CDN

GET
H2 200 demandbase-forms.js Show response
www.malwarebytes.com/js/ 3 KB
1 KB 57ms
13ms Script
application/javascript 2600:9000:21f3:4000:16:26c7:ff80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.malwarebytes.com/js/demandbase-forms.js?d=2020-02-04-15-03-08--0800
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MKSKW3
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21f3:4000:16:26c7:ff80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 5576e25dd8a4d45e90da43e0f127c4efb4d16eebcb7a1bc55fbb66e7cf504f9d

Request headers

Referer: https://forums.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 02:52:48 GMT
content-encoding: gzip
last-modified: Tue, 20 Jul 2021 23:12:41 GMT
server: Microsoft-IIS/10.0
age: 471
x-powered-by: ASP.NET
etag: W/"178b70bdbc7dd71:0"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 a10d58b5ce965502cc34c5b27682fe23.cloudfront.net (CloudFront)
cache-control: max-age=900
x-amz-cf-pop: FRA2-C2
x-amz-cf-id: qze89QExaxJfpdcLKGqX0JIKg6G6gb3GmYfYIZ-QR09ycieytqLyYg==

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2567940&time=1629342040802&url=https%3A%2F%2Fforums.malwarebytes.com%2Ftopic%2F233470-i-found-strange-app-on-appdataroaming%2F
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D2567940%26time%3D1629342040802%26url%3Dhttps%253A%252F%252Fforums.malwarebytes.co...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2567940&time=1629342040802&url=https%3A%2F%2Fforums.malwarebytes.com%2Ftopic%2F233470-i-found-strange-app-on-appdataroaming%2F&liSync=true
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=2567940&time=1629342040802&url=https%3A%2F%2Fforums.malwarebytes.com%2Ftopic%2F233470-i-found-strange-app-on-appdataroaming%2F&liSync=true&e_ipv6...

0
155 B

340ms
142ms

Image
application/javascript

108.174.10.14
LINKEDIN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=2567940&time=1629342040802&url=https%3A%2F%2Fforums.malwarebytes.com%2Ftopic%2F233470-i-found-strange-app-on-appdataroaming%2F&liSync=true&e_ipv6=AQK1RzEubzHAqwAAAXtcWoUnoOUdL48LbVgLKdA_R1GWpDVyQnxjTrJ2J-hs9Xp5XL3WBrtJ
Requested by: Host: forums.malwarebytes.com
URL: https://forums.malwarebytes.com/topic/233470-i-found-strange-app-on-appdataroaming/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 108.174.10.14 , United States, ASN14413 (LINKEDIN, US),
Reverse DNS: 108-174-10-14.fwd.linkedin.com
Software: Play /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://forums.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 03:00:41 GMT
server: Play
linkedin-action: 1
x-li-fabric: prod-ltx1
x-li-proto: http/2
x-li-pop: prod-edc2
content-type: application/javascript
content-length: 0
x-li-uuid: ur6DTPSVnBag/k7kYysAAA==

Redirect headers

date: Thu, 19 Aug 2021 03:00:41 GMT
server: Play
linkedin-action: 1
x-li-fabric: prod-ltx1
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=2567940&time=1629342040802&url=https%3A%2F%2Fforums.malwarebytes.com%2Ftopic%2F233470-i-found-strange-app-on-appdataroaming%2F&liSync=true&e_ipv6=AQK1RzEubzHAqwAAAXtcWoUnoOUdL48LbVgLKdA_R1GWpDVyQnxjTrJ2J-hs9Xp5XL3WBrtJ
x-li-proto: http/2
x-li-pop: prod-edc2
content-length: 0
x-li-uuid: tHKmOPSVnBYArEhXWysAAA==

GET
H3-29 200 linkid.js Show response
www.google-analytics.com/plugins/ua/ 2 KB
882 B 15ms
13ms Script
text/javascript 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/plugins/ua/linkid.js

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

92fca55833f48b4289ac8f1cedd48752b580fce4ec4b5d81670b8193d6e51b54

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://forums.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 02:37:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
age: 1372
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=3600
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 859
x-xss-protection: 0
expires: Thu, 19 Aug 2021 03:37:48 GMT

GET
H2 204 4072696.js Show response
bat.bing.com/p/action/ 0
115 B 31ms
31ms Script
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://bat.bing.com/p/action/4072696.js
Requested by: Host: bat.bing.com
URL: https://bat.bing.com/bat.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://forums.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin: *
date: Thu, 19 Aug 2021 03:00:40 GMT
cache-control: private,max-age=86400
x-msedge-ref: Ref A: 21B19987E5174385AB4A3B3F2D77E7D6 Ref B: FRAEDGE1421 Ref C: 2021-08-19T03:00:40Z
x-cache: CONFIG_NOCACHE

GET
H2 204 0
bat.bing.com/action/ 0
93 B 29ms
28ms Image
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bat.bing.com/action/0?ti=4072696&tm=gtm001&Ver=2&mid=01b83bc6-a41b-4c08-ae2d-d9d61d518e26&sid=a31e1be0009911ec9b287f5550eff049&vid=a31e23d0009911ec909973ae31678c83&vids=1&pi=0&lg=en-US&sw=1600&sh=1200&sc=24&tl=I%20found%20strange%20app%20on%20AppData%2FRoaming%20-%20Resolved%20Malware%20Removal%20Logs%20-%20Malwarebytes%20Forums&kw=malwaretips,%20helpremove,%20helpme&p=https%3A%2F%2Fforums.malwarebytes.com%2Ftopic%2F233470-i-found-strange-app-on-appdataroaming%2F&r=&lt=811&evt=pageLoad&msclkid=N&sv=1&rn=353740
Requested by: Host: forums.malwarebytes.com
URL: https://forums.malwarebytes.com/topic/233470-i-found-strange-app-on-appdataroaming/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://forums.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin: *
pragma: no-cache
date: Thu, 19 Aug 2021 03:00:40 GMT
cache-control: no-cache, must-revalidate
x-msedge-ref: Ref A: 72F10E8EA55B4E688E5385C25050297F Ref B: FRAEDGE1421 Ref C: 2021-08-19T03:00:40Z
x-cache: CONFIG_NOCACHE
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 0
bat.bing.com/action/ 0
93 B 29ms
27ms Image
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bat.bing.com/action/0?ti=4072696&tm=gtm001&Ver=2&mid=01b83bc6-a41b-4c08-ae2d-d9d61d518e26&sid=a31e1be0009911ec9b287f5550eff049&vid=a31e23d0009911ec909973ae31678c83&vids=0&ec=form&gc=USD&tpp=1&en=Y&evt=custom&msclkid=N&rn=902277
Requested by: Host: forums.malwarebytes.com
URL: https://forums.malwarebytes.com/topic/233470-i-found-strange-app-on-appdataroaming/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://forums.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin: *
pragma: no-cache
date: Thu, 19 Aug 2021 03:00:40 GMT
cache-control: no-cache, must-revalidate
x-msedge-ref: Ref A: 8282C28A24BE443585370DB9BA86B235 Ref B: FRAEDGE1421 Ref C: 2021-08-19T03:00:40Z
x-cache: CONFIG_NOCACHE
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 0
bat.bing.com/action/ 0
93 B 31ms
30ms Image
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bat.bing.com/action/0?ti=4072696&tm=gtm001&Ver=2&mid=01b83bc6-a41b-4c08-ae2d-d9d61d518e26&sid=a31e1be0009911ec9b287f5550eff049&vid=a31e23d0009911ec909973ae31678c83&vids=0&ec=form&gc=USD&tpp=1&en=Y&evt=custom&msclkid=N&rn=772222
Requested by: Host: forums.malwarebytes.com
URL: https://forums.malwarebytes.com/topic/233470-i-found-strange-app-on-appdataroaming/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://forums.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin: *
pragma: no-cache
date: Thu, 19 Aug 2021 03:00:40 GMT
cache-control: no-cache, must-revalidate
x-msedge-ref: Ref A: BA590146E1D24B60A3346A6589544370 Ref B: FRAEDGE1421 Ref C: 2021-08-19T03:00:40Z
x-cache: CONFIG_NOCACHE
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 0
bat.bing.com/action/ 0
94 B 29ms
28ms Image
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bat.bing.com/action/0?ti=4072696&tm=gtm001&Ver=2&mid=01b83bc6-a41b-4c08-ae2d-d9d61d518e26&sid=a31e1be0009911ec9b287f5550eff049&vid=a31e23d0009911ec909973ae31678c83&vids=0&ec=form&gc=USD&tpp=1&en=Y&evt=custom&msclkid=N&rn=318222
Requested by: Host: forums.malwarebytes.com
URL: https://forums.malwarebytes.com/topic/233470-i-found-strange-app-on-appdataroaming/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://forums.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin: *
pragma: no-cache
date: Thu, 19 Aug 2021 03:00:40 GMT
cache-control: no-cache, must-revalidate
x-msedge-ref: Ref A: 8F3B62B3C2054B52ABC5451B7F57BB7D Ref B: FRAEDGE1421 Ref C: 2021-08-19T03:00:40Z
x-cache: CONFIG_NOCACHE
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 10110317.json Show response
s.yimg.com/wi/config/ 46 B
709 B 19ms
7ms XHR
application/octet-stream 2a00:1288:80:800::7000
YAHOO-DEB

General

Check archive.org

Show headers Download Go to

Full URL

https://s.yimg.com/wi/config/10110317.json

Requested by

Host: s.yimg.com
URL: https://s.yimg.com/wi/ytc.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1288:80:800::7000 Frankfurt am Main, Germany, ASN203220 (YAHOO-DEB, GB),

Reverse DNS

Software

ATS /

Resource Hash

51f4cf88527819ae3950b1820aa534ebf6c2fcbc0894db427ba5ab59d9efd659

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://forums.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

ats-carp-promotion: 1
date: Wed, 18 Aug 2021 15:09:18 GMT
x-content-type-options: nosniff
age: 42683
x-amz-server-side-encryption: AES256
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: E46VPWHPAYPC0NNT
x-amz-id-2: 2gkDnPeY6mWZddhEyaqYilph7R/p2SppbgC6H5EAvBTuvOI78Y4in8w1ksu3h1x6eWzkWoDgIXM=
accept-ranges: bytes
referrer-policy: no-referrer-when-downgrade
x-amz-expiration: expiry-date="Mon, 05 Sep 2022 00:00:00 GMT", rule-id="oath-standard-lifecycle"
last-modified: Sat, 31 Jul 2021 04:48:16 GMT
server: ATS
etag: "cc3d0e0815ad7ef45a521c2a63b65393"
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=15552000
access-control-allow-methods: GET
x-amz-version-id: t1HBn5w9YatPOKrzg1L4mhqDLWfX4l9q
access-control-allow-origin: *
x-xss-protection: 1; mode=block
content-length: 46
content-type: application/octet-stream

GET
H2 200 ip.json Show response
api.company-target.com/api/v2/ 430 B
937 B 96ms
53ms XHR
application/json 13.225.78.112
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.company-target.com/api/v2/ip.json?referrer=&page=https%3A%2F%2Fforums.malwarebytes.com%2Ftopic%2F233470-i-found-strange-app-on-appdataroaming%2F&page_title=I%20found%20strange%20app%20on%20AppData%2FRoaming%20-%20Resolved%20Malware%20Removal%20Logs%20-%20Malwarebytes%20Forums&src=tag&key=5527c2aa519592df7d44a24d0105731b
Requested by: Host: scripts.demandbase.com
URL: https://scripts.demandbase.com/HWyTnY16.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.78.112 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-78-112.fra2.r.cloudfront.net
Software: nginx /
Resource Hash: 5915f2999f00c10915bb1832eac4b1028abe6ac7dbcf93081c470c1623fc73ab

Request headers

Referer: https://forums.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 03:00:40 GMT
identification-source: CENTRAL
vary: Accept-Encoding, Origin
x-amz-cf-pop: FRA2-C2
x-cache: Miss from cloudfront
request-id: 6d9d5f5c-75ba-4543-9109-7a3294216fa3
content-encoding: gzip
pragma: no-cache
access-control-allow-origin: https://forums.malwarebytes.com
server: nginx
access-control-max-age: 7200
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/json;charset=utf-8
via: 1.1 21a3da42c823b5a4a2d9c4c63248bbd6.cloudfront.net (CloudFront)
access-control-expose-headers
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
api-version: v2
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: Ga3kiXYw-qWdKJt4aJ9iZe9SKOV6BdHl808Zweb6lhNT7f8O7-i2RQ==
expires: Wed, 18 Aug 2021 03:00:40 GMT

GET
H/1.1

200
OK

validateCookie
segments.company-target.com/
Redirect Chain

https://match.prod.bidr.io/cookie-sync/demandbase
https://match.prod.bidr.io/cookie-sync/demandbase?_bee_ppp=1
https://segments.company-target.com/log?vendor=choca&user_id=AABmhk7CO5MAACBnWu6t-A
https://segments.company-target.com/validateCookie?vendor=choca&user_id=AABmhk7CO5MAACBnWu6t-A&verifyHash=a0959e7f9705bf5cf7de70bc108f416b3cc49034

26 B
408 B

194ms
194ms

Image
image/gif

13.225.78.83
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://segments.company-target.com/validateCookie?vendor=choca&user_id=AABmhk7CO5MAACBnWu6t-A&verifyHash=a0959e7f9705bf5cf7de70bc108f416b3cc49034
Requested by: Host: forums.malwarebytes.com
URL: https://forums.malwarebytes.com/topic/233470-i-found-strange-app-on-appdataroaming/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.78.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-78-83.fra2.r.cloudfront.net
Software: /
Resource Hash: 3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1

Request headers

Referer: https://forums.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 19 Aug 2021 03:00:41 GMT
Via: 1.1 590590f04f79f692591f9db0e720a31d.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA2-C2
Vary: Origin
X-Cache: Miss from cloudfront
Content-Type: image/gif
Transfer-Encoding: chunked
Connection: keep-alive
trace-id: 37060c3ab4411a8b
X-Amz-Cf-Id: 2vhuuj-YlVrMUFA64NBz1OEhK1NDJ4mmWPekd_dHHhrzP8tqlOgHTw==

Redirect headers

Date: Thu, 19 Aug 2021 03:00:41 GMT
Via: 1.1 590590f04f79f692591f9db0e720a31d.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA2-C2
Vary: Origin
X-Cache: Miss from cloudfront
Location: /validateCookie?vendor=choca&user_id=AABmhk7CO5MAACBnWu6t-A&verifyHash=a0959e7f9705bf5cf7de70bc108f416b3cc49034
Connection: keep-alive
trace-id: aa7887213efed90a
Content-Length: 0
X-Amz-Cf-Id: 48OC5klQKjfWkMemSRytGsBGh0khQqJhSWrSszUrwgoOjLcCDqj92g==

GET
H2 451 464526.gif
id.rlcdn.com/ 0
66 B 31ms
14ms Image
text/plain 35.244.174.68
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://id.rlcdn.com/464526.gif
Requested by: Host: forums.malwarebytes.com
URL: https://forums.malwarebytes.com/topic/233470-i-found-strange-app-on-appdataroaming/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 68.174.244.35.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://forums.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 03:00:40 GMT
via: 1.1 google
alt-svc: clear
content-length: 0

GET
H2 200 main.89cd5bf4.js Show response
s.pinimg.com/ct/lib/ 49 KB
17 KB 104ms
104ms Script
application/javascript 2a02:26f0:6c00:28b::1931
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://s.pinimg.com/ct/lib/main.89cd5bf4.js
Requested by: Host: s.pinimg.com
URL: https://s.pinimg.com/ct/core.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:28b::1931 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: eb0b072c78ba88e87b07c39c22f9bef724ea89f29f2a195ec4ab33b3bc75797d

Request headers

Referer: https://forums.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-encoding: gzip
x-cdn: akamai
etag: "6deee3ea7ecc4a5d9687c1bd57018c16"
vary: Accept-Encoding, Origin
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: max-age=1209600
x-fallback: 3972cb92-2.16.186.206
accept-ranges: bytes
content-length: 17418
access-control-expose-headers: X-CDN

GET
H2 200 conversion_async.js Show response
www.googleadservices.com/pagead/ 36 KB
14 KB 30ms
30ms Script
text/javascript 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion_async.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-380232391

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

1c3bd00be556bf95f92a2ab1119b8b26544a1997ab0c09f86490bc32339ad32e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://forums.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 03:00:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13981
x-xss-protection: 0
server: cafe
etag: 6132654052448080839
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Thu, 19 Aug 2021 03:00:40 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
93 B 14ms
14ms XHR
text/plain 2a00:1450:400c:c08::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j92&tid=UA-3347303-10&cid=425308242.1629342041&jid=1362342630&uid=D0708203-B778-4D88-B26B-234FA1DD24F2&gjid=1472318019&_gid=1083849250.1629342041&_u=aGBAgEAjAAAAAE~&z=1439195814

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c08::9d Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://forums.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Thu, 19 Aug 2021 03:00:40 GMT
content-type: text/plain
access-control-allow-origin: https://forums.malwarebytes.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 collect
www.google-analytics.com/ 35 B
55 B 6ms
5ms Image
image/gif 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j92&a=835843792&t=pageview&_s=1&dl=https%3A%2F%2Fforums.malwarebytes.com%2Ftopic%2F233470-i-found-strange-app-on-appdataroaming%2F&ul=en-us&de=UTF-8&dt=I%20found%20strange%20app%20on%20AppData%2FRoaming%20-%20Resolved%20Malware%20Removal%20Logs%20-%20Malwarebytes%20Forums&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aGBAgEAj~&jid=1362342630&gjid=1472318019&cid=425308242.1629342041&uid=D0708203-B778-4D88-B26B-234FA1DD24F2&tid=UA-3347303-10&_gid=1083849250.1629342041&gtm=2wg8g0MKSKW3&z=1363520124

Requested by

Host: forums.malwarebytes.com
URL: https://forums.malwarebytes.com/topic/233470-i-found-strange-app-on-appdataroaming/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://forums.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 18 Aug 2021 16:22:02 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 38318
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
111 B 18ms
17ms Image
image/gif 2a00:1450:4001:811::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j92&tid=UA-3347303-10&cid=425308242.1629342041&jid=1362342630&_u=aGBAgEAjAAAAAE~&z=1355948965

Requested by

Host: forums.malwarebytes.com
URL: https://forums.malwarebytes.com/topic/233470-i-found-strange-app-on-appdataroaming/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://forums.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 19 Aug 2021 03:00:40 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 19ms
19ms Image
image/gif 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j92&tid=UA-3347303-10&cid=425308242.1629342041&jid=1362342630&_u=aGBAgEAjAAAAAE~&z=1355948965

Requested by

Host: forums.malwarebytes.com
URL: https://forums.malwarebytes.com/topic/233470-i-found-strange-app-on-appdataroaming/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://forums.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 19 Aug 2021 03:00:40 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/380232391/ 2 KB
1 KB 18ms
18ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/380232391/?random=1629342040900&cv=9&fst=1629342040900&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa8g0&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fforums.malwarebytes.com%2Ftopic%2F233470-i-found-strange-app-on-appdataroaming%2F&tiba=I%20found%20strange%20app%20on%20AppData%2FRoaming%20-%20Resolved%20Malware%20Removal%20Logs%20-%20Malwarebytes%20Forums&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d96f1cef1e2fca642bf380f39f13f38297a201a3980407526a6226e8710d6a07

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://forums.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 19 Aug 2021 03:00:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1104
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 / Show response
www.googleadservices.com/pagead/conversion/380232391/ 2 KB
1 KB 27ms
24ms Script
text/javascript 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion/380232391/?random=1629342040903&cv=9&fst=1629342040903&num=1&label=_XHlCK3XlI0CEMfFp7UB&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa8g0&sendb=1&ig=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fforums.malwarebytes.com%2Ftopic%2F233470-i-found-strange-app-on-appdataroaming%2F&tiba=I%20found%20strange%20app%20on%20AppData%2FRoaming%20-%20Resolved%20Malware%20Removal%20Logs%20-%20Malwarebytes%20Forums&auid=1383955112.1629342040&capi=1&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

ae18f3e959bc064ab480eab694f03a3fc64eb95a5c8d87a0a0fff745ddf35c20

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://forums.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 19 Aug 2021 03:00:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1225
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/privacysandbox/conversion/380232391/ 0
0 15ms
15ms Image
text/html 2a00:1450:4001:811::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/pagead/privacysandbox/conversion/380232391/?random=1629342040903&cv=9&fst=1629342040903&num=1&fmt=3&label=_XHlCK3XlI0CEMfFp7UB&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa8g0&sendb=1&ig=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fforums.malwarebytes.com%2Ftopic%2F233470-i-found-strange-app-on-appdataroaming%2F&tiba=I%20found%20strange%20app%20on%20AppData%2FRoaming%20-%20Resolved%20Malware%20Removal%20Logs%20-%20Malwarebytes%20Forums&auid=1383955112.1629342040&capi=1&hn=www.googleadservices.com&async=1
Requested by: Host: forums.malwarebytes.com
URL: https://forums.malwarebytes.com/topic/233470-i-found-strange-app-on-appdataroaming/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:811::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://forums.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-29 200 /
www.google.com/pagead/1p-user-list/380232391/ 42 B
64 B 18ms
18ms Image
image/gif 2a00:1450:4001:812::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/380232391/?random=1629342040900&cv=9&fst=1629342000000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa8g0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fforums.malwarebytes.com%2Ftopic%2F233470-i-found-strange-app-on-appdataroaming%2F&tiba=I%20found%20strange%20app%20on%20AppData%2FRoaming%20-%20Resolved%20Malware%20Removal%20Logs%20-%20Malwarebytes%20Forums&async=1&fmt=3&is_vtc=1&random=1336030907&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: forums.malwarebytes.com
URL: https://forums.malwarebytes.com/topic/233470-i-found-strange-app-on-appdataroaming/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://forums.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 19 Aug 2021 03:00:40 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 /
www.google.de/pagead/1p-user-list/380232391/ 42 B
64 B 27ms
24ms Image
image/gif 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/380232391/?random=1629342040900&cv=9&fst=1629342000000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa8g0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fforums.malwarebytes.com%2Ftopic%2F233470-i-found-strange-app-on-appdataroaming%2F&tiba=I%20found%20strange%20app%20on%20AppData%2FRoaming%20-%20Resolved%20Malware%20Removal%20Logs%20-%20Malwarebytes%20Forums&async=1&fmt=3&is_vtc=1&random=1336030907&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: forums.malwarebytes.com
URL: https://forums.malwarebytes.com/topic/233470-i-found-strange-app-on-appdataroaming/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://forums.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 19 Aug 2021 03:00:40 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29

200

/
www.google.de/pagead/1p-conversion/380232391/
Redirect Chain

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/380232391/?random=1162368803&cv=9&fst=1629342040903&num=1&label=_XHlCK3XlI0CEMfFp7UB&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=120...
https://www.google.com/pagead/1p-conversion/380232391/?random=1162368803&cv=9&fst=1629342040903&num=1&label=_XHlCK3XlI0CEMfFp7UB&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&...
https://www.google.de/pagead/1p-conversion/380232391/?random=1162368803&cv=9&fst=1629342040903&num=1&label=_XHlCK3XlI0CEMfFp7UB&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u...

42 B
64 B

21ms
21ms

Image
image/gif

2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-conversion/380232391/?random=1162368803&cv=9&fst=1629342040903&num=1&label=_XHlCK3XlI0CEMfFp7UB&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa8g0&sendb=1&ig=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fforums.malwarebytes.com%2Ftopic%2F233470-i-found-strange-app-on-appdataroaming%2F&tiba=I%20found%20strange%20app%20on%20AppData%2FRoaming%20-%20Resolved%20Malware%20Removal%20Logs%20-%20Malwarebytes%20Forums&auid=1383955112.1629342040&capi=1&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=WMkdYeekOLH5-gan4J2IBA&cid=CAQSKQCNIrLMuSViS6QcMXjiXihaObHOZxx9WVN3EBVNiD5uILLGAFicmKvB&random=2034081029&resp=GooglemKTybQhCsO&ipr=y

Requested by

Host: forums.malwarebytes.com
URL: https://forums.malwarebytes.com/topic/233470-i-found-strange-app-on-appdataroaming/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://forums.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 19 Aug 2021 03:00:41 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 19 Aug 2021 03:00:40 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/gif
location: https://www.google.de/pagead/1p-conversion/380232391/?random=1162368803&cv=9&fst=1629342040903&num=1&label=_XHlCK3XlI0CEMfFp7UB&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa8g0&sendb=1&ig=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fforums.malwarebytes.com%2Ftopic%2F233470-i-found-strange-app-on-appdataroaming%2F&tiba=I%20found%20strange%20app%20on%20AppData%2FRoaming%20-%20Resolved%20Malware%20Removal%20Logs%20-%20Malwarebytes%20Forums&auid=1383955112.1629342040&capi=1&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=WMkdYeekOLH5-gan4J2IBA&cid=CAQSKQCNIrLMuSViS6QcMXjiXihaObHOZxx9WVN3EBVNiD5uILLGAFicmKvB&random=2034081029&resp=GooglemKTybQhCsO&ipr=y
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 collect
www.google-analytics.com/ 35 B
55 B 6ms
5ms Image
image/gif 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j92&a=835843792&t=event&ni=1&_s=2&dl=https%3A%2F%2Fforums.malwarebytes.com%2Ftopic%2F233470-i-found-strange-app-on-appdataroaming%2F&ul=en-us&de=UTF-8&dt=I%20found%20strange%20app%20on%20AppData%2FRoaming%20-%20Resolved%20Malware%20Removal%20Logs%20-%20Malwarebytes%20Forums&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Demandbase&ea=API%20Resolution&el=IP%20API&_u=aHBAgEAjAAAAAE~&jid=&gjid=&cid=425308242.1629342041&uid=D0708203-B778-4D88-B26B-234FA1DD24F2&tid=UA-3347303-10&_gid=1083849250.1629342041&gtm=2wg8g0MKSKW3&cd2=(Non-Company%20Visitor)&cd3=Bot&cd4=(Non-Company%20Visitor)&cd5=(Non-Company%20Visitor)&cd6=(Non-Company%20Visitor)&cd7=(Non-Company%20Visitor)&cd8=(Non-Company%20Visitor)&cd9=(Non-Company%20Visitor)&cd10=(Non-Company%20Visitor)&cd11=Berlin&cd12=BE&cd13=(Non-Company%20Visitor)&cd14=(Non-Company%20Visitor)&cd15=(Non-Company%20Visitor)&cd16=(Non-Company%20Visitor)&cd17=DE&cd18=(Non-Company%20Visitor)&z=1560797788

Requested by

Host: forums.malwarebytes.com
URL: https://forums.malwarebytes.com/topic/233470-i-found-strange-app-on-appdataroaming/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://forums.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 18 Aug 2021 16:22:02 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 38318
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
ct.pinterest.com/user/ 443 B
818 B 106ms
51ms XHR
application/json 104.75.88.209
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://ct.pinterest.com/user/?tid=2614167509439&pd=%7B%22np%22%3A%22gtm%22%7D&cb=1629342040964

Requested by

Host: s.pinimg.com
URL: https://s.pinimg.com/ct/lib/main.89cd5bf4.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.75.88.209 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-75-88-209.deploy.static.akamaitechnologies.com

Software

Resource Hash

45eb4a06b8ac41231cacdee781d6a1175ed0dc544c3982b708305b281feaaab3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains ; preload

Request headers

Referer: https://forums.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 03:00:41 GMT
content-encoding: gzip
vary: Accept-Encoding
x-cdn: akamai
akamai-grn: 0.966656b8.1629342041.9da003a8
x-envoy-upstream-service-time: 0
x-pinterest-rid: 7019077722474574
pin-unauth: dWlkPVpEWmtZamxtTURrdE16WXdOQzAwTkRSbUxUbGhaVGt0TlRnME5EYzBObUptTmpGaQ
access-control-allow-origin: https://forums.malwarebytes.com
referrer-policy: origin
strict-transport-security: max-age=31536000 ; includeSubDomains ; preload
content-type: application/json; charset=utf-8
pragma: no-cache
access-control-expose-headers: Epik,Pin-Unauth
cache-control: no-cache,no-store,must-revalidate,max-age=0
access-control-allow-credentials: true
content-length: 331
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 /
ct.pinterest.com/v3/ 35 B
334 B 115ms
61ms Image
image/gif 104.75.88.209
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ct.pinterest.com/v3/?tid=2614167509439&pd=%7B%22np%22%3A%22gtm%22%7D&event=init&ad=%7B%22loc%22%3A%22https%3A%2F%2Fforums.malwarebytes.com%2Ftopic%2F233470-i-found-strange-app-on-appdataroaming%2F%22%2C%22ref%22%3A%22%22%2C%22if%22%3Afalse%2C%22sh%22%3A1200%2C%22sw%22%3A1600%2C%22mh%22%3A%2289cd5bf4%22%2C%22ecm_enabled%22%3Afalse%7D&cb=1629342040965

Requested by

Host: forums.malwarebytes.com
URL: https://forums.malwarebytes.com/topic/233470-i-found-strange-app-on-appdataroaming/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.75.88.209 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-75-88-209.deploy.static.akamaitechnologies.com

Software

Resource Hash

37b17c5135a176a9474521af147d96dfa1fb4ca0f43f00d1400bd1885be3ab9b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains ; preload

Request headers

Referer: https://forums.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 19 Aug 2021 03:00:41 GMT
referrer-policy: origin
x-cdn: akamai
akamai-grn: 0.966656b8.1629342041.9da003b2
strict-transport-security: max-age=31536000 ; includeSubDomains ; preload
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache,no-store,must-revalidate,max-age=0
x-envoy-upstream-service-time: 3
content-length: 35
x-pinterest-rid: 2313260887488874
expires: Sat, 01 Jan 2000 00:00:00 GMT

POST
H2 204 / Show response
ct.pinterest.com/md/ 0
275 B 284ms
144ms XHR
text/plain 104.75.88.209
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://ct.pinterest.com/md/

Requested by

Host: s.pinimg.com
URL: https://s.pinimg.com/ct/lib/main.89cd5bf4.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.75.88.209 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-75-88-209.deploy.static.akamaitechnologies.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains ; preload

Request headers

Referer: https://forums.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 19 Aug 2021 03:00:41 GMT
referrer-policy: origin
x-cdn: akamai
akamai-grn: 0.966656b8.1629342041.9da00546
strict-transport-security: max-age=31536000 ; includeSubDomains ; preload
access-control-allow-origin: *
cache-control: no-cache,no-store,must-revalidate,max-age=0
x-envoy-upstream-service-time: 1
x-pinterest-rid: 1220532571833456
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 front_front_widgets.js.gz Show response
content.invisioncic.com/Mmalware/javascript_core/ 16 KB
5 KB 13ms
12ms Script
text/javascript 2600:9000:20eb:c00:1e:ebe7:1480:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://content.invisioncic.com/Mmalware/javascript_core/front_front_widgets.js.gz?v=d815db93211629274895&csrfKey=&antiCache=d815db93211629274895
Requested by: Host: content.invisioncic.com
URL: https://content.invisioncic.com/Mmalware/javascript_global/root_library.js.gz?v=d815db93211629274895
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20eb:c00:1e:ebe7:1480:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: b91863296289e198d2e7b62768710a6d61d640adc544e353f599b35f38be07dd

Request headers

Referer: https://forums.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 08:21:49 GMT
content-encoding: gzip
last-modified: Tue, 17 Aug 2021 16:51:57 GMT
server: AmazonS3
age: 67132
etag: "18180c92bf7ba1b76f18ea2028c5e1be"
x-cache: Hit from cloudfront
x-amz-version-id: null
via: 1.1 eb83e7e264681d87a86c9b6a2159e502.cloudfront.net (CloudFront)
cache-control: public, max-age=31536000
x-amz-cf-pop: FRA2-C1
accept-ranges: bytes
content-type: text/javascript
content-length: 4231
x-amz-cf-id: 4HN4pMoj3aPNaThuu50fjpdRUNpJ2rRzON_hCiVWBEQ5Ng99wb5rsg==

GET
H2 200 2893.js Show response
script.crazyegg.com/pages/scripts/0081/ 5 KB
2 KB 37ms
13ms Script
text/javascript 2606:4700::6813:9308
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.crazyegg.com/pages/scripts/0081/2893.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MKSKW3
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6813:9308 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cf16a6be9c1f8d220216cd8bc2d5a7d68731c383f8a1d394c2727e7564a9ca7a

Request headers

Referer: https://forums.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 03:00:41 GMT
content-encoding: gzip
cf-cache-status: HIT
age: 16510
cf-polished: origSize=4899
cf-ray: 681022115d38176e-FRA
ce-version: 11.1.323
last-modified: Wed, 18 Aug 2021 22:25:31 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
access-control-expose-headers: CE-Version
cache-control: public, max-age=300, s-maxage=1209600
timing-allow-origin: *
cf-bgj: minify

GET
H/1.1 200
OK insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 5 KB
2 KB 10ms
10ms Script
application/x-javascript 2a02:26f0:6c00:2b0::25ea
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MKSKW3
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:2b0::25ea Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: fed785a6a8ca96fb67230fec5d85f9c508db49f4075aa0ef284af56cd89813e3

Request headers

Referer: https://forums.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 19 Aug 2021 03:00:41 GMT
Content-Encoding: gzip
Last-Modified: Fri, 13 Aug 2021 21:34:05 GMT
X-CDN: AKAM
Vary: Accept-Encoding
Content-Type: application/x-javascript;charset=utf-8
Cache-Control: max-age=30674
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2036

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ 5 KB
2 KB 28ms
6ms Script
application/javascript 151.101.12.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: forums.malwarebytes.com
URL: https://forums.malwarebytes.com/topic/233470-i-found-strange-app-on-appdataroaming/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.12.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: a53ea60fbea6cb1775430998564d5f295aba7d3bfe548a0ba79aa2a049aba839

Request headers

Referer: https://forums.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 03:00:41 GMT
via: 1.1 varnish
last-modified: Mon, 12 Jul 2021 21:25:31 GMT
age: 530
etag: "65cf0c0ceb852397f0d1e6732cd3c533+gzip"
vary: Accept-Encoding,Host
x-cache: HIT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
content-encoding: gzip
cache-control: no-cache
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
content-length: 1958
x-timer: S1629342042.815382,VS0,VE0
x-served-by: cache-fra19141-FRA

GET
H2 200 /
insight.adsrvr.org/track/pxl/ 70 B
261 B 100ms
33ms Image
image/gif 54.77.48.133
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://insight.adsrvr.org/track/pxl/?adv=jtuxrxn&ct=0:fyckj1z&fmt=3
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.77.48.133 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-77-48-133.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Referer: https://forums.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 19 Aug 2021 03:00:41 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H2 200 adsct Show response
analytics.twitter.com/i/ 31 B
660 B 162ms
130ms Script
application/javascript 104.244.42.131
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://analytics.twitter.com/i/adsct?type=javascript&version=2.0.1&p_id=Twitter&p_user_id=0&txn_id=o1m5j&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&tpx_cb=twttr.conversion.loadPixels&tw_document_href=https%3A%2F%2Fforums.malwarebytes.com%2Ftopic%2F233470-i-found-strange-app-on-appdataroaming%2F

Requested by

Host: static.ads-twitter.com
URL: https://static.ads-twitter.com/uwt.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.131 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://forums.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 03:00:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status: 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 57
x-xss-protection: 0
pragma: no-cache
last-modified: Thu, 19 Aug 2021 03:00:41 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=631138519
content-type: application/javascript;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: 9884d5516a6a59e1f4b6cc63abcfa56543dbd76e63dc716e9bf850728749814c
x-transaction: 538425c18327efd7
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2 200 adsct
t.co/i/ 43 B
454 B 151ms
119ms Image
image/gif 104.244.42.133
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?type=javascript&version=2.0.1&p_id=Twitter&p_user_id=0&txn_id=o1m5j&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&tw_document_href=https%3A%2F%2Fforums.malwarebytes.com%2Ftopic%2F233470-i-found-strange-app-on-appdataroaming%2F

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.133 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://forums.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 03:00:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 65
x-xss-protection: 0
pragma: no-cache
last-modified: Thu, 19 Aug 2021 03:00:41 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=0
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: 89d048ab67270cfa50ed9719e0f4898741e0d108191d0e6fc03001fb58a19ef0
x-transaction: efa7c61fa3c873ff
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2 200 2893.json Show response
script.crazyegg.com/pages/data-scripts/0081/ 4 KB
2 KB 27ms
14ms XHR
application/json 2606:4700::6813:9308
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.crazyegg.com/pages/data-scripts/0081/2893.json?t=1
Requested by: Host: script.crazyegg.com
URL: https://script.crazyegg.com/pages/scripts/0081/2893.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6813:9308 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8e8646519b073ff7efbaf7f8bbbd7b45c0b76f937326ab06339ef22ede33c628

Request headers

Referer: https://forums.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 03:00:41 GMT
content-encoding: gzip
cf-cache-status: HIT
age: 16508
ce-version: 11.1.323
content-length: 1407
timing-allow-origin: *
last-modified: Wed, 18 Aug 2021 22:25:33 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers: CE-Version
cache-control: public, max-age=300, s-maxage=1209600
accept-ranges: bytes
cf-ray: 681022118c3d16ea-FRA

GET
H2 200 11.1.323.js Show response
script.crazyegg.com/pages/versioned/common-scripts/ 64 KB
21 KB 19ms
19ms Script
text/javascript 2606:4700::6813:9308
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.crazyegg.com/pages/versioned/common-scripts/11.1.323.js
Requested by: Host: script.crazyegg.com
URL: https://script.crazyegg.com/pages/scripts/0081/2893.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6813:9308 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 714cafff07c401d54cda0b09af30d81dd5e3e2bc5891556168366fcc771a5bc4

Request headers

Referer: https://forums.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 19 Aug 2021 03:00:41 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Thu, 15 Jul 2021 13:13:31 GMT
server: cloudflare
age: 1943935
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000
accept-ranges: bytes
cf-ray: 68102211ad69176e-FRA
content-length: 21471

GET
H2 200 2893.json Show response
script.crazyegg.com/pages/sampling-data-scripts/0081/ 46 B
129 B 12ms
11ms XHR
application/json 2606:4700::6813:9308
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.crazyegg.com/pages/sampling-data-scripts/0081/2893.json?t=452595
Requested by: Host: script.crazyegg.com
URL: https://script.crazyegg.com/pages/versioned/common-scripts/11.1.323.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6813:9308 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f3cf1a6620607a30da2eb4fa3bef8870f14d2ad0eb0c80cfab708fe9485843fb

Request headers

Referer: https://forums.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 03:00:41 GMT
content-encoding: gzip
cf-cache-status: HIT
age: 16508
ce-version: 11.1.323
content-length: 65
timing-allow-origin: *
last-modified: Wed, 18 Aug 2021 22:25:33 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers: CE-Version
cache-control: public, max-age=300, s-maxage=1209600
accept-ranges: bytes
cf-ray: 68102211cc6416ea-FRA

Verdicts & Comments Add Verdict or Comment

79 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

12 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.forums.malwarebytes.com/	1970-01-20 05:21:18	Name: _pin_unauth Value: dWlkPVpEWmtZamxtTURrdE16WXdOQzAwTkRSbUxUbGhaVGt0TlRnME5EYzBObUptTmpGaQ
.malwarebytes.com/	1970-01-19 20:35:42	Name: _dc_gtm_UA-3347303-10 Value: 1
.malwarebytes.com/	1970-01-20 14:06:54	Name: _ga Value: GA1.2.425308242.1629342041
.malwarebytes.com/	1970-01-20 05:57:18	Name: _uetvid Value: a31e23d0009911ec909973ae31678c83
forums.malwarebytes.com/	1970-01-19 20:37:08	Name: ips4_hasJS Value: true
.malwarebytes.com/	1970-01-19 22:45:18	Name: _gcl_au Value: 1.1.1383955112.1629342040
forums.malwarebytes.com/	1969-12-31 23:59:59	Name: ips4_IPSSessionFront Value: 24nsj58q4b2eoka9ndfbbvo52f
.malwarebytes.com/	1970-01-19 20:37:08	Name: _uetsid Value: a31e1be0009911ec9b287f5550eff049
.malwarebytes.com/	1970-01-19 20:37:08	Name: _gid Value: GA1.2.1083849250.1629342041
forums.malwarebytes.com/	1970-01-19 20:45:46	Name: AWSALB Value: yUWf+9nkOdWqzSIBX011ADptAuI1dXwCRSjFw2tbiRhRtO9o2zRTpNob+MVEnh9y6SNM/W7lw6JdMs+JAmw2Cn49QtKnrEu9Ik4uNRWgXqo8vbB9wdc+BYyYBoAe
forums.malwarebytes.com/	1969-12-31 23:59:59	Name: ips4_ipsTimezone Value: Europe/Berlin
.malwarebytes.com/topic/233470-i-found-strange-app-on-appdataroaming	1970-01-20 05:21:18	Name: gaUserID Value: D0708203-B778-4D88-B26B-234FA1DD24F2

6 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://content.invisioncic.com/Mmalware/javascript_global/root_library.js.gz?v=d815db93211629274895(Line 10) Message: JQMIGRATE: Migrate is installed with logging active, version 3.3.0
console-api	warning	URL: https://content.invisioncic.com/Mmalware/javascript_global/root_library.js.gz?v=d815db93211629274895(Line 12) Message: JQMIGRATE: jQuery.fn.bind() is deprecated
console-api	log	URL: https://content.invisioncic.com/Mmalware/javascript_global/root_library.js.gz?v=d815db93211629274895(Line 12) Message: console.trace
console-api	warning	URL: https://content.invisioncic.com/Mmalware/javascript_global/root_library.js.gz?v=d815db93211629274895(Line 12) Message: JQMIGRATE: JQMIGRATE: jQuery.cssProps is deprecated
console-api	log	URL: https://content.invisioncic.com/Mmalware/javascript_global/root_library.js.gz?v=d815db93211629274895(Line 12) Message: console.trace
console-api	log	URL: https://content.invisioncic.com/Mmalware/javascript_global/root_library.js.gz?v=d815db93211629274895(Line 71) Message: %cThis is a browser feature intended for developers. Do not paste any code here given to you by someone else. It may compromise your account or have other negative side effects. font-weight: bold; font-size: 14px;

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

analytics.twitter.com
api.company-target.com
bat.bing.com
content.invisioncic.com
ct.pinterest.com
fonts.googleapis.com
fonts.gstatic.com
forums.malwarebytes.com
googleads.g.doubleclick.net
id.rlcdn.com
insight.adsrvr.org
match.prod.bidr.io
px.ads.linkedin.com
px4.ads.linkedin.com
s.pinimg.com
s.yimg.com
script.crazyegg.com
scripts.demandbase.com
segments.company-target.com
snap.licdn.com
static.ads-twitter.com
stats.g.doubleclick.net
t.co
unpkg.com
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.linkedin.com
www.malwarebytes.com
104.244.42.131
104.244.42.133
104.75.88.209
108.174.10.14
13.224.96.5
13.225.78.112
13.225.78.37
13.225.78.83
142.250.185.226
142.250.186.98
151.101.12.157
2600:9000:20eb:c00:1e:ebe7:1480:93a1
2600:9000:21f3:4000:16:26c7:ff80:93a1
2606:4700::6810:7eaf
2606:4700::6813:9308
2620:119:50e4:101::6cae:b55
2620:1ec:21::14
2620:1ec:c11::200
2a00:1288:80:800::7000
2a00:1450:4001:808::2008
2a00:1450:4001:80f::200e
2a00:1450:4001:811::2003
2a00:1450:4001:811::2004
2a00:1450:4001:812::2003
2a00:1450:4001:812::2004
2a00:1450:4001:828::2008
2a00:1450:4001:828::200e
2a00:1450:4001:82a::2002
2a00:1450:4001:830::200a
2a00:1450:4001:831::2002
2a00:1450:400c:c08::9d
2a02:26f0:6c00:28b::1931
2a02:26f0:6c00:2b0::25ea
35.244.174.68
52.30.222.33
54.77.48.133
031997d2a8c38787ba9043e2cd8bc08b152e316f01521d658daef96e579ea1ef
074302dc9cfdf8813bdd6fa67dd48a49273a471edd15f192a40fbb869af51d0b
07fbbfd8f908b547a39cbb53d85c204d4668ac45979862d8ca49892085669dea
0e36308a13aa06d085ad95ecf45f9dfa5352f683f6fb03c27fc35887bcf6f678
16f961e4eedc84409f706d7043ec879d9a7783c6f317640b0d97a73e98e9e8ea
1c3bd00be556bf95f92a2ab1119b8b26544a1997ab0c09f86490bc32339ad32e
1e353dd6f81b838bbc322417e995c5812bb61c1c891a31725da0acd0185efeaf
22f39a41a30342a5c51d150be48c4726245655a560d154af893337d1ae953f62
24c13cdea638620ec96bc3b7ba1bdef0cbe3ad0847b2ddc6f041df1fa24cffa4
2ac7d57386129e93d47308f8ca1613ef1d6a50187c67124e7960ea8e1c2b24f9
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
2d1b49f0a3328a292b3b0c88071fab2dce7ade8468feb84712dc333b96b387b3
2e592ea8a71afaa0b9fae4c7838c22d89acde0cf142142460d615090127ddd95
37b17c5135a176a9474521af147d96dfa1fb4ca0f43f00d1400bd1885be3ab9b
37f6a6e8087658986a7cbe38c1e127643326c4fabf1480b592bd9b51d97810da
3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1
3cd48ec34aa0f52eb6bf77a2b9f45e91294ef7c9efa4820fe94fbed6bbf6345e
41feaea7471c5fb7e013494a9a35b736b51a27d962b70b19960718d445f2d46f
45eb4a06b8ac41231cacdee781d6a1175ed0dc544c3982b708305b281feaaab3
47f71f0f9543e0a934348230e31499c4f9a715b2a4caa8d39999f537a0c9c1eb
494d26e831292dde75c737f238919bc3dd8771662c6035f43a3f958cf031b999
4dfe78169eeda101ab9eb6be17e1f444587282929990f1d66ad5308bffdfec3e
4e0f39543ae4c15cfe3222f68e358c416dc79cb262c16c8d5b46281a5d850f40
51f4cf88527819ae3950b1820aa534ebf6c2fcbc0894db427ba5ab59d9efd659
5576e25dd8a4d45e90da43e0f127c4efb4d16eebcb7a1bc55fbb66e7cf504f9d
5915f2999f00c10915bb1832eac4b1028abe6ac7dbcf93081c470c1623fc73ab
5a09059eb37152166fcee0ed7ef9d45852cb5d6ce2af193a211770b3d46645dd
5c1282fb121104f5a505ecbfd7194e64c98db6b830684450dcfc478021d05257
6e602d17e51b21001f3cbe4886c7902037eaa5b24e4271f8023a7cb39033a583
714cafff07c401d54cda0b09af30d81dd5e3e2bc5891556168366fcc771a5bc4
73c6d9bea582fd9ea44e6f647006f9ef8b4af0c15199ff20bd524186913eb9e2
78bb8d518f95a6e93e5dd8ffe6500c4baf43f0b1409b3744e745b5139c886ef2
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
84925038dd75196a324b3a9935a6b11a0311ca9c0c594eda0bf8fc40e169e525
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8e8646519b073ff7efbaf7f8bbbd7b45c0b76f937326ab06339ef22ede33c628
92fca55833f48b4289ac8f1cedd48752b580fce4ec4b5d81670b8193d6e51b54
9bde20f23db841b077e3392fb8fbaac4c6fe1392bfd7b8f0947e3ee32f41f6d0
a53ea60fbea6cb1775430998564d5f295aba7d3bfe548a0ba79aa2a049aba839
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
ae18f3e959bc064ab480eab694f03a3fc64eb95a5c8d87a0a0fff745ddf35c20
b91863296289e198d2e7b62768710a6d61d640adc544e353f599b35f38be07dd
b9e6c38b3493790e6525ba6715ad839211cab5db3ddc80c7f70f20f92679fee6
be5fb7b18d38d2f7d45e58a9130c8f179fbca95035c526cb984415219f45d0b1
c16497cc0b2b637adac3749984c0f9444979d059c3f3538762050683f92b3e8d
c4b4c5de41e8a5a6dee442ef83c9ea2ad2d76eeeb07339613f9eccedcb1ca1f0
c556c02edfc745804214d4142c3b7b48d19f73fe2ebc66b63afbfb9f4f53c95c
ce23bdc14eb22eecad91cef112ea740ebd6928a8cdef11362d1d5b25320bd5d4
cf16a6be9c1f8d220216cd8bc2d5a7d68731c383f8a1d394c2727e7564a9ca7a
cffa66a3266b7f876d47c7ce6ab05a6f0cad6b0583b723262597772e04b2ce3f
d96f1cef1e2fca642bf380f39f13f38297a201a3980407526a6226e8710d6a07
df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e61660c659c426e45bce2937dddb01af6b550502a2904546575c1ec2ba1121dd
eb0b072c78ba88e87b07c39c22f9bef724ea89f29f2a195ec4ab33b3bc75797d
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f17a6a9f24811afea8e28b2df542b0b237c839fa00df43e87af28d5bd4fe2fd4
f3cf1a6620607a30da2eb4fa3bef8870f14d2ad0eb0c80cfab708fe9485843fb
f6789b1579e3915acc50ce2f56d956c05dc3186238eb4d1a0d4ad1e403a625ac
fed785a6a8ca96fb67230fec5d85f9c508db49f4075aa0ef284af56cd89813e3

forums.malwarebytes.com Open in urlscan Pro 13.225.78.37 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

76 Requests

100 %HTTPS

61 %IPv6

26 Domains

31 Subdomains

33 IPs

4 Countries

979 kBTransfer

2804 kBSize

12 Cookies

116 Outgoing links

Redirected requests

76 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

forums.malwarebytes.com Open in urlscan Pro
13.225.78.37 Public Scan

Screenshot
Live screenshot

Full Image

76
Requests

100 %
HTTPS

61 %
IPv6

26
Domains

31
Subdomains

33
IPs

4
Countries

979 kB
Transfer

2804 kB
Size

12
Cookies

76 HTTP transactions
2 data transactions