decoded.avast.io
34.111.249.39
Public Scan
Submission: On November 13 via api from BY — Scanned from DE
Summary
TLS certificate: Issued by WR3 on November 4th 2024. Valid for: 3 months.
This is the only time decoded.avast.io was scanned on urlscan.io!
urlscan.io Verdict: No classification
Domain & IP information

| Requests | IP Address | AS (Autonomous System) |
|---|---|---|
| 40 | 34.111.249.39 | AS396982 (GOOGLE-CLOUD-PLATFORM) |
| 1 | 2a00:1450:4001:830::2008 | AS15169 (GOOGLE) |
| 1 | 2606:4700:4400::6812:2844 | AS13335 (CLOUDFLARENET) |
| 1 | 2a00:1450:4001:800::200a | AS15169 (GOOGLE) |
| 1 | 2a00:1450:4001:829::201b | AS15169 (GOOGLE) |
| 1 | 2001:4860:4802:32::36 | AS15169 (GOOGLE) |
| 2 | 142.250.186.99 | AS15169 (GOOGLE) |
| 47 | 8 | |

Expanded IP details (as listed on the scan page, in order):
- ASN396982 (GOOGLE-CLOUD-PLATFORM, US), PTR: 39.249.111.34.bc.googleusercontent.com: decoded.avast.io
- ASN15169 (GOOGLE, US): www.googletagmanager.com
- ASN15169 (GOOGLE, US): wordpress-salat-test.storage.googleapis.com
- ASN15169 (GOOGLE, US), PTR: fra24s06-in-f3.1e100.net: fonts.gstatic.com
| Requests | Apex Domain | Subdomains | Transfer |
|---|---|---|---|
| 40 | avast.io | decoded.avast.io (1 redirect) | 2 MB |
| 2 | gstatic.com | fonts.gstatic.com | 61 KB |
| 2 | googleapis.com | fonts.googleapis.com (Cisco Umbrella Rank: 55), wordpress-salat-test.storage.googleapis.com | 5 KB |
| 1 | google-analytics.com | region1.google-analytics.com (Cisco Umbrella Rank: 2944) | |
| 1 | fontawesome.com | kit.fontawesome.com (Cisco Umbrella Rank: 2522) | |
| 1 | googletagmanager.com | www.googletagmanager.com (Cisco Umbrella Rank: 64) | 92 KB |
| 47 | 6 | | |
| Requests | Domain | Requested by |
|---|---|---|
| 40 | decoded.avast.io (1 redirect) | decoded.avast.io |
| 2 | fonts.gstatic.com | fonts.googleapis.com |
| 1 | region1.google-analytics.com | www.googletagmanager.com |
| 1 | wordpress-salat-test.storage.googleapis.com | decoded.avast.io |
| 1 | fonts.googleapis.com | decoded.avast.io |
| 1 | kit.fontawesome.com | decoded.avast.io |
| 1 | www.googletagmanager.com | decoded.avast.io |
| 47 | 7 | |
This site contains links to these domains. Also see Links.
| Subject | Issuer | Validity | Valid for | |
|---|---|---|---|---|
| avast.io | WR3 | 2024-11-04 - 2025-02-02 | 3 months | crt.sh |
| *.google-analytics.com | WR2 | 2024-10-21 - 2025-01-13 | 3 months | crt.sh |
| *.fontawesome.com | DigiCert Global G2 TLS RSA SHA256 2020 CA1 | 2024-07-30 - 2025-01-27 | 6 months | crt.sh |
| upload.video.google.com | WR2 | 2024-10-21 - 2025-01-13 | 3 months | crt.sh |
| *.storage.googleapis.com | WR2 | 2024-10-21 - 2025-01-13 | 3 months | crt.sh |
| *.gstatic.com | WR2 | 2024-10-21 - 2025-01-13 | 3 months | crt.sh |
This page contains 1 frame:
Primary Page:
https://decoded.avast.io/janvojtesek/lazarus-and-the-fudmodule-rootkit-beyond-byovd-with-an-admin-to-kernel-zero-day/
Frame ID: C68E59737581B491D6E0196B9437A9BD
Requests: 46 HTTP requests in this frame
Page Title
Lazarus and the FudModule Rootkit: Beyond BYOVD with an Admin-to-Kernel Zero-Day - Avast Threat Labs
Detected technologies
WordPress (CMS)
Detected patterns
- <link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
- /wp-(?:content|includes)/
Yoast SEO (SEO)
Detected patterns
- <!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -
Font Awesome (Font Scripts)
Detected patterns
- <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
- (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
- kit\.fontawesome\.com/([0-9a-z]+).js
Google Analytics (Analytics)
Detected patterns
Google Font API (Font Scripts)
Detected patterns
- <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
Google Tag Manager (Tag Managers)
Detected patterns
- googletagmanager\.com/gtag/js
jQuery (JavaScript Libraries)
Detected patterns
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
jQuery Migrate (JavaScript Libraries)
Detected patterns
- jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?
Page Statistics
58 Outgoing links
These are links going to different origins than the main page.
Link titles:
- Careers
- CVE-2024-21338
- ESET
- AhnLab
- Black Hat Asia 2024 briefing
- security servicing criteria
- frequently
- BYOVD
- DSE
- HVCI
- driver blocklisting,
- possibilities
- PPL
- protected with RunAsPPL
- vulnerable driver blocklist
- dbutil_2_3.sys
- ene.sys
- uncover
- hw.sys
- living off the land
- AppLocker
- technology
- SMEP
- kCFG
- Breaking down
- local service
- PreviousMode
- exploitation technique
- mitigated
- arguments
- refer
- translation
- SiliVaccine
- report
- registry callbacks.
- Object callbacks
- process
- thread
- image
- stop here
- ReactOS,
- File system minifilters
- altitude ranges
- HVCI
- filter manager frame
- defined
- Windows Filtering Platform
- callout drivers,
- not hard to find
- documented in another structure
- Event Tracing for Windows
- hardcoded list
- blog
- aims to restrict
- background on handle tables
- prolific and long-standing
- https://github.com/avast/ioc/tree/master/FudModule#yara
- WordPress.org
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://decoded.avast.io/janvojtesek/lazarus-and-the-fudmodule-rootkit-beyond-byovd-with-an-admin-to-kernel-zero-day
- HTTP 301
- https://decoded.avast.io/janvojtesek/lazarus-and-the-fudmodule-rootkit-beyond-byovd-with-an-admin-to-kernel-zero-day/ (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
47 HTTP transactions

| Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
|---|---|---|---|---|---|---|---|
| GET | H2 | / (Primary Request) | decoded.avast.io/janvojtesek/lazarus-and-the-fudmodule-rootkit-beyond-byovd-with-an-admin-to-kernel-zero-day/ (Redirect Chain) | 219 KB | 220 KB | Document | text/html |
| GET | H2 | js | www.googletagmanager.com/gtag/ | 258 KB | 92 KB | Script | application/javascript |
| GET | H3 | style.min.css | decoded.avast.io/wp-includes/css/dist/block-library/ | 110 KB | 110 KB | Stylesheet | text/css |
| GET | H3 | default.css | decoded.avast.io/wp-content/plugins/syntax-highlighting-code-block/vendor/scrivo/highlight-php/styles/ | 1 KB | 1 KB | Stylesheet | text/css |
| GET | | 82b8dac6-e419-44da-8f48-0ed267f08f2b | https://decoded.avast.io/ | 0 | 0 | | |
| GET | H3 | min.css | decoded.avast.io/wp-content/themes/johannes/assets/css/ | 180 KB | 180 KB | Stylesheet | text/css |
| GET | H3 | common.css | decoded.avast.io/wp-content/themes/johannes-avast/css/ | 9 KB | 9 KB | Stylesheet | text/css |
| GET | H3 | dark.css | decoded.avast.io/wp-content/themes/johannes-avast/css/ | 0 | 16 B | Stylesheet | text/css |
| GET | H2 | a2abe1aedb.js | kit.fontawesome.com/ | 0 | 0 | Stylesheet | text/plain |
| GET | H2 | css | fonts.googleapis.com/ | 3 KB | 1 KB | Stylesheet | text/css |
| GET | H3 | main.css | decoded.avast.io/wp-content/plugins/meks-easy-social-share/assets/css/ | 9 KB | 9 KB | Stylesheet | text/css |
| GET | H3 | frontend-gtag.min.js | decoded.avast.io/wp-content/plugins/google-analytics-for-wordpress/assets/js/ | 11 KB | 11 KB | Script | application/javascript |
| GET | H3 | jquery.min.js | decoded.avast.io/wp-includes/js/jquery/ | 86 KB | 86 KB | Script | application/javascript |
| GET | H3 | jquery-migrate.min.js | decoded.avast.io/wp-includes/js/jquery/ | 13 KB | 13 KB | Script | application/javascript |
| GET | H2 | Asset-22ldpi.png | wordpress-salat-test.storage.googleapis.com/sites/2/2019/06/ | 3 KB | 4 KB | Image | image/png |
| GET | H3 | AdobeStock_640258322-1920x500.jpeg | decoded.avast.io/wp-content/uploads/sites/2/2024/02/ | 149 KB | 149 KB | Image | image/jpeg |
| GET | H3 | vuln_triggered-1024x390.png | decoded.avast.io/wp-content/uploads/sites/2/2024/02/ | 227 KB | 227 KB | Image | image/png |
| GET | H3 | appid_device_acl.png | decoded.avast.io/wp-content/uploads/sites/2/2024/02/ | 30 KB | 30 KB | Image | image/png |
| GET | H3 | imagesloaded.min.js | decoded.avast.io/wp-includes/js/ | 5 KB | 5 KB | Script | application/javascript |
| GET | H3 | masonry.min.js | decoded.avast.io/wp-includes/js/ | 24 KB | 24 KB | Script | application/javascript |
| GET | H3 | jquery.masonry.min.js | decoded.avast.io/wp-includes/js/jquery/ | 2 KB | 2 KB | Script | application/javascript |
| GET | H3 | min.js | decoded.avast.io/wp-content/themes/johannes/assets/js/ | 112 KB | 112 KB | Script | application/javascript |
| GET | H3 | main.js | decoded.avast.io/wp-content/plugins/meks-easy-social-share/assets/js/ | 551 B | 570 B | Script | application/javascript |
| GET | H3 | new-tab.js | decoded.avast.io/wp-content/plugins/page-links-to/dist/ | 34 KB | 34 KB | Script | application/javascript |
| POST | H2 | collect | region1.google-analytics.com/g/ | 0 | 0 | Fetch | text/plain |
| GET | H3 | dark.css | decoded.avast.io/wp-content/themes/johannes-avast/css/ | 0 | 16 B | Stylesheet | text/css |
| GET | H3 | johannes-font.ttf | decoded.avast.io/wp-content/themes/johannes/assets/fonts/ | 3 KB | 3 KB | Font | application/octet-stream |
| GET | H3 | 7Auwp_0qiz-afTLGLQ.woff2 | fonts.gstatic.com/s/muli/v29/ | 32 KB | 32 KB | Font | font/woff2 |
| GET | H3 | fontawesome-webfont.woff2 | decoded.avast.io/wp-content/themes/johannes/assets/fonts/ | 75 KB | 75 KB | Font | font/woff2 |
| GET | H3 | socicon.woff | decoded.avast.io/wp-content/plugins/meks-easy-social-share/assets/fonts/ | 98 KB | 98 KB | Font | font/woff |
| GET | H3 | 7Auwp_0qiz-afTzGLRrX.woff2 | fonts.gstatic.com/s/muli/v29/ | 29 KB | 29 KB | Font | font/woff2 |
| GET | H3 | wp-emoji-release.min.js | decoded.avast.io/wp-includes/js/ | 18 KB | 18 KB | Script | application/javascript |
| GET | H3 | patch_diaphora-1-1024x332.png | decoded.avast.io/wp-content/uploads/sites/2/2024/02/ | 90 KB | 90 KB | Image | image/png |
| GET | H3 | offsets.png | decoded.avast.io/wp-content/uploads/sites/2/2024/02/ | 35 KB | 35 KB | Image | image/png |
| GET | H3 | direct_syscall.png | decoded.avast.io/wp-content/uploads/sites/2/2024/02/ | 30 KB | 30 KB | Image | image/png |
| GET | H3 | rootkit_main.png | decoded.avast.io/wp-content/uploads/sites/2/2024/02/ | 54 KB | 54 KB | Image | image/png |
| GET | H3 | vaccines.png | decoded.avast.io/wp-content/uploads/sites/2/2024/02/ | 14 KB | 14 KB | Image | image/png |
| GET | H3 | pooltag_check.png | decoded.avast.io/wp-content/uploads/sites/2/2024/02/ | 38 KB | 38 KB | Image | image/png |
| GET | H3 | is_active_callout.png | decoded.avast.io/wp-content/uploads/sites/2/2024/02/ | 103 KB | 103 KB | Image | image/png |
| GET | H3 | etw_activesystemloggers-1.png | decoded.avast.io/wp-content/uploads/sites/2/2024/02/ | 67 KB | 67 KB | Image | image/png |
| GET | H3 | EtwEventEnabled-2-1024x610.png | decoded.avast.io/wp-content/uploads/sites/2/2024/02/ | 146 KB | 146 KB | Image | image/png |
| GET | H3 | sleep_thread.png | decoded.avast.io/wp-content/uploads/sites/2/2024/02/ | 8 KB | 9 KB | Image | image/png |
| GET | H3 | windbg_handle_table_entry.png | decoded.avast.io/wp-content/uploads/sites/2/2024/02/ | 29 KB | 29 KB | Image | image/png |
| GET | H3 | CC-featured-image-344x194.png | decoded.avast.io/wp-content/uploads/sites/2/2024/07/ | 66 KB | 66 KB | Image | image/png |
| GET | H3 | donex-344x194.jpeg | decoded.avast.io/wp-content/uploads/sites/2/2024/07/ | 22 KB | 22 KB | Image | image/jpeg |
| GET | H3 | krzysztof-hepner-C1JTOq_uTpY-unsplash-344x194.jpg | decoded.avast.io/wp-content/uploads/sites/2/2024/06/ | 10 KB | 10 KB | Image | image/jpeg |
| GET | H3 | cropped-Asset-25ldpi-32x32.png | decoded.avast.io/wp-content/uploads/sites/2/2019/07/ | 1 KB | 1 KB | Other | image/png |
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain: decoded.avast.io
- URL: blob:https://decoded.avast.io/82b8dac6-e419-44da-8f48-0ed267f08f2b
Verdicts & Comments
46 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
| Type | Name |
|---|---|
| string | mi_version |
| boolean | mi_track_user |
| object | MonsterInsightsDefaultLocations |
| object | MonsterInsightsLocations |
| object | disableStrs |
| function | __gtagTrackerIsOptedOut |
| function | __gtagTrackerOptout |
| function | gaOptout |
| function | __gtagDataLayer |
| function | __gtagTracker |
| object | dataLayer |
| object | MonsterInsightsDualTracker |
| function | gtag |
| function | __gaTracker |
| object | _wpemojiSettings |
| object | google_tag_manager |
| object | google_tag_data |
| object | gaGlobal |
| function | _nslDOMReady |
| object | monsterinsights_frontend |
| function | jQuery |
| function | getCookie |
| function | setCookie |
| function | toggleTheme |
| function | setTheme |
| string | theme_cookie |
| function | EvEmitter |
| function | imagesLoaded |
| function | jQueryBridget |
| function | getSize |
| function | matchesSelector |
| object | fizzyUIUtils |
| function | Outlayer |
| function | Masonry |
| object | johannes_js_settings |
| function | objectFitImages |
| function | PhotoSwipeUI_Default |
| function | PhotoSwipe |
| object | picturefillCFG |
| function | picturefill |
| object | MonsterInsights |
| object | MonsterInsightsObject |
| function | NSLPopup |
| function | nslRedirect |
| object | twemoji |
| object | wp |
3 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
| Domain/Path | Expires | Name | Value |
|---|---|---|---|
| .avast.io/ | | _ga_GSVBRGE9D6 | GS1.1.1731489412.1.0.1731489412.0.0.0 |
| .avast.io/ | | _ga | GA1.1.59367313.1731489412 |
| decoded.avast.io/ | | avast_theme | dark |
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
| Source | Level | URL | Text |
|---|---|---|---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.