Source: 00000000.00000003.1438280913.0000000000660000.00000040.00001000.00020000.00000000.sdmp | Malware Configuration Extractor: Ursnif {"RSA Public Key": "AMjVytXMgqIPwwBufHXLEl1MPT94c30AZikKp5M8X0A51wUAowHSitNKgnfJAOrLV3476+KEAGBOI8C48MIRD9cd8ibgat6qt/Plwr0BxgEEwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", "c2_domain": ["microsoft.com", "avast.com"], "botnet": "4780", "server": "12", "serpent_key": "10291029JSJUYUON", "sleep_time": "10", "CONF_TIMEOUT": "20", "SetWaitableTimer_value": "10", "dga_base_url": "constitution.org/usdeclar.txt", "dga_tld": "com ru org", "DGA_count": "10"} |
Source: unknown | HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.9:49723 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.9:49722 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.9:49727 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 104.19.178.52:443 -> 192.168.2.9:49759 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 104.19.178.52:443 -> 192.168.2.9:49758 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 172.64.155.119:443 -> 192.168.2.9:49782 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 172.64.155.119:443 -> 192.168.2.9:49781 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 52.49.110.165:443 -> 192.168.2.9:49778 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 52.49.110.165:443 -> 192.168.2.9:49777 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 52.214.218.223:443 -> 192.168.2.9:49791 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 52.214.218.223:443 -> 192.168.2.9:49792 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 142.250.181.228:443 -> 192.168.2.9:49799 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 142.250.181.228:443 -> 192.168.2.9:49800 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 18.245.175.102:443 -> 192.168.2.9:49806 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 18.245.175.102:443 -> 192.168.2.9:49805 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 87.248.119.252:443 -> 192.168.2.9:49809 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 87.248.119.252:443 -> 192.168.2.9:49810 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 20.50.2.44:443 -> 192.168.2.9:49811 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 20.50.2.44:443 -> 192.168.2.9:49812 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 34.117.39.58:443 -> 192.168.2.9:49821 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 34.117.39.58:443 -> 192.168.2.9:49820 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.9:49826 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 216.58.206.34:443 -> 192.168.2.9:49824 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 216.58.206.34:443 -> 192.168.2.9:49823 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 18.165.183.15:443 -> 192.168.2.9:49829 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 18.165.183.15:443 -> 192.168.2.9:49828 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 172.217.18.6:443 -> 192.168.2.9:49833 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 172.217.18.6:443 -> 192.168.2.9:49834 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 157.240.252.13:443 -> 192.168.2.9:49837 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 157.240.252.13:443 -> 192.168.2.9:49838 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 108.139.243.30:443 -> 192.168.2.9:49835 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 108.139.243.30:443 -> 192.168.2.9:49836 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 74.125.206.155:443 -> 192.168.2.9:58443 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 74.125.206.155:443 -> 192.168.2.9:58442 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 142.250.184.238:443 -> 192.168.2.9:58446 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 216.239.36.181:443 -> 192.168.2.9:58450 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 216.239.36.181:443 -> 192.168.2.9:58449 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 142.250.186.130:443 -> 192.168.2.9:58454 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 142.250.186.130:443 -> 192.168.2.9:58453 version: TLS 1.2 |
Source: | Binary string: c:\speed\Money\Help\open\canDid.pdbP[l >l source: 94.exe, 00000000.00000002.2555223671.00000000006BD000.00000002.00000001.01000000.00000003.sdmp, 94.exe, 00000000.00000000.1300894363.00000000006BD000.00000002.00000001.01000000.00000003.sdmp |
Source: | Binary string: c:\speed\Money\Help\open\canDid.pdbP[C >C source: 94.exe |
Source: | Binary string: c:\speed\Money\Help\open\canDid.pdb source: 94.exe |
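Note: the extracted configuration on this page lists microsoft.com and avast.com as c2_domain values, and the HTTP requests recorded below carry Host and Referer headers for those sites, so the destination IPs in the following alerts likely belong to legitimate hosting rather than dedicated attacker infrastructure. For detection, the beacon URI structure matched by these signatures is a more reliable anchor than the IP addresses themselves.
Source: Traffic | Snort IDS: 2831962 ETPRO TROJAN Ursnif Variant CnC Beacon 8 M1 192.168.2.9:49713 -> 20.76.201.171:80 |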
Source: Traffic | Snort IDS: 2033203 ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B) 192.168.2.9:49713 -> 20.76.201.171:80 |
Source: Traffic | Snort IDS: 2831963 ETPRO TROJAN Ursnif Variant CnC Beacon 8 M2 192.168.2.9:49745 -> 20.76.201.171:80 |
Source: Traffic | Snort IDS: 2831962 ETPRO TROJAN Ursnif Variant CnC Beacon 8 M1 192.168.2.9:49745 -> 20.76.201.171:80 |
Source: Traffic | Snort IDS: 2033204 ET TROJAN Ursnif Variant CnC Beacon - URI Struct M2 (_2F) 192.168.2.9:49745 -> 20.76.201.171:80 |
Source: Traffic | Snort IDS: 2831963 ETPRO TROJAN Ursnif Variant CnC Beacon 8 M2 192.168.2.9:49753 -> 104.122.38.56:80 |
Source: Traffic | Snort IDS: 2831962 ETPRO TROJAN Ursnif Variant CnC Beacon 8 M1 192.168.2.9:49753 -> 104.122.38.56:80 |
Source: Traffic | Snort IDS: 2033203 ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B) 192.168.2.9:49753 -> 104.122.38.56:80 |
Source: Traffic | Snort IDS: 2831963 ETPRO TROJAN Ursnif Variant CnC Beacon 8 M2 192.168.2.9:49755 -> 23.201.254.50:80 |
Source: Traffic | Snort IDS: 2831962 ETPRO TROJAN Ursnif Variant CnC Beacon 8 M1 192.168.2.9:49755 -> 23.201.254.50:80 |
Source: Traffic | Snort IDS: 2033203 ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B) 192.168.2.9:49755 -> 23.201.254.50:80 |
Source: Joe Sandbox View | IP Address: 18.165.183.15 18.165.183.15 |
Source: Joe Sandbox View | IP Address: 13.107.246.45 13.107.246.45 |
Source: Joe Sandbox View | IP Address: 87.248.119.252 87.248.119.252 |
Source: Joe Sandbox View | IP Address: 34.117.39.58 34.117.39.58 |
Source: Joe Sandbox View | IP Address: 104.19.178.52 104.19.178.52 |
Source: unknown | TCP traffic detected without corresponding DNS query: 216.239.36.181 |
Source: unknown | TCP traffic detected without corresponding DNS query: 216.239.36.181 |
Source: unknown | TCP traffic detected without corresponding DNS query: 216.239.36.181 |
Source: unknown | TCP traffic detected without corresponding DNS query: 216.239.36.181 |
Source: unknown | TCP traffic detected without corresponding DNS query: 216.239.36.181 |
Source: unknown | TCP traffic detected without corresponding DNS query: 216.239.36.181 |
Source: unknown | TCP traffic detected without corresponding DNS query: 216.239.36.181 |
Source: unknown | TCP traffic detected without corresponding DNS query: 216.239.36.181 |
Source: unknown | TCP traffic detected without corresponding DNS query: 216.239.36.181 |
Source: unknown | TCP traffic detected without corresponding DNS query: 216.239.36.181 |
Source: unknown | TCP traffic detected without corresponding DNS query: 216.239.36.181 |
Source: unknown | TCP traffic detected without corresponding DNS query: 216.239.36.181 |
Source: unknown | TCP traffic detected without corresponding DNS query: 216.239.36.181 |
Source: unknown | TCP traffic detected without corresponding DNS query: 216.239.36.181 |
Source: unknown | TCP traffic detected without corresponding DNS query: 216.239.36.181 |
Source: unknown | TCP traffic detected without corresponding DNS query: 216.239.36.181 |
Source: unknown | TCP traffic detected without corresponding DNS query: 216.239.36.181 |
Source: unknown | TCP traffic detected without corresponding DNS query: 216.239.36.181 |
Source: unknown | TCP traffic detected without corresponding DNS query: 216.239.36.181 |
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: global traffic | HTTP traffic detected: GET /mscc/lib/v2/wcp-consent.js HTTP/1.1Accept: application/javascript, */*;q=0.8Referer: https://www.microsoft.com/images/fmgSs_2BZ3KjVxH/wHKkQ2B1uFMy7FTfvh/sDI1FTCZR/I89wys9_2BKDqr00ppU8/aclhk8xtXfWJvSN_2BB/_2BeW5YNyQMfCbr8JTsTk5/j9IVMv21hSYQw/o93EGoMO/FQluQM82vi57OIE1eg6jgjU/K4vGAWxNl2/B.aviAccept-Language: en-CHUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: wcpstatic.microsoft.comConnection: Keep-AliveCookie: MS-CV=srX4Mi324EutVIl7.1 |
Source: global traffic | HTTP traffic detected: GET /next/1/ms.jsll-3.min.js HTTP/1.1Accept: application/javascript, */*;q=0.8Referer: https://www.microsoft.com/images/fmgSs_2BZ3KjVxH/wHKkQ2B1uFMy7FTfvh/sDI1FTCZR/I89wys9_2BKDqr00ppU8/aclhk8xtXfWJvSN_2BB/_2BeW5YNyQMfCbr8JTsTk5/j9IVMv21hSYQw/o93EGoMO/FQluQM82vi57OIE1eg6jgjU/K4vGAWxNl2/B.aviAccept-Language: en-CHUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: js.monitor.azure.comConnection: Keep-Alive |
Source: global traffic | HTTP traffic detected: GET /consent/b680e9a8-3d45-4e4a-998f-7d05f89e4486/OtAutoBlock.js HTTP/1.1Accept: application/javascript, */*;q=0.8Referer: https://www.avast.com/images/WXhVS_2FAVrU7RNQFAMFujb/aZ0qj63dDA/m6olxsuo9xSBIp6g2/AVPhCqCsDDni/153LBasglGZ/QX6qWL6ApOm_2B/eIGgL3tnVNmIv2mnflfDT/3CifOJ8skD8raBuc/SAbNMFVGVIBUYBB/34bc0VN_2Bo/eVngNF.aviAccept-Language: en-CHUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: cdn.cookielaw.orgConnection: Keep-Alive |
Source: global traffic | HTTP traffic detected: GET /scripttemplates/otSDKStub.js HTTP/1.1Accept: application/javascript, */*;q=0.8Referer: https://www.avast.com/images/WXhVS_2FAVrU7RNQFAMFujb/aZ0qj63dDA/m6olxsuo9xSBIp6g2/AVPhCqCsDDni/153LBasglGZ/QX6qWL6ApOm_2B/eIGgL3tnVNmIv2mnflfDT/3CifOJ8skD8raBuc/SAbNMFVGVIBUYBB/34bc0VN_2Bo/eVngNF.aviAccept-Language: en-CHUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: cdn.cookielaw.orgConnection: Keep-Alive |
Source: global traffic | HTTP traffic detected: GET /consent/b680e9a8-3d45-4e4a-998f-7d05f89e4486/b680e9a8-3d45-4e4a-998f-7d05f89e4486.json HTTP/1.1Accept: */*Referer: https://www.avast.com/images/WXhVS_2FAVrU7RNQFAMFujb/aZ0qj63dDA/m6olxsuo9xSBIp6g2/AVPhCqCsDDni/153LBasglGZ/QX6qWL6ApOm_2B/eIGgL3tnVNmIv2mnflfDT/3CifOJ8skD8raBuc/SAbNMFVGVIBUYBB/34bc0VN_2Bo/eVngNF.aviAccept-Language: en-CHOrigin: https://www.avast.comAccept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: cdn.cookielaw.orgConnection: Keep-Alive |
Source: global traffic | HTTP traffic detected: GET /cookieconsentpub/v1/geo/location HTTP/1.1Accept: application/jsonReferer: https://www.avast.com/images/WXhVS_2FAVrU7RNQFAMFujb/aZ0qj63dDA/m6olxsuo9xSBIp6g2/AVPhCqCsDDni/153LBasglGZ/QX6qWL6ApOm_2B/eIGgL3tnVNmIv2mnflfDT/3CifOJ8skD8raBuc/SAbNMFVGVIBUYBB/34bc0VN_2Bo/eVngNF.aviAccept-Language: en-CHOrigin: https://www.avast.comAccept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: geolocation.onetrust.comConnection: Keep-Alive |
Source: global traffic | HTTP traffic detected: GET /id?d_visid_ver=5.5.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=67C716D751E567F70A490D4C%40AdobeOrg&d_nsid=0&ts=1716989171027 HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedReferer: https://www.avast.com/images/WXhVS_2FAVrU7RNQFAMFujb/aZ0qj63dDA/m6olxsuo9xSBIp6g2/AVPhCqCsDDni/153LBasglGZ/QX6qWL6ApOm_2B/eIGgL3tnVNmIv2mnflfDT/3CifOJ8skD8raBuc/SAbNMFVGVIBUYBB/34bc0VN_2Bo/eVngNF.aviAccept-Language: en-CHOrigin: https://www.avast.comAccept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: dpm.demdex.netConnection: Keep-Alive |
Source: global traffic | HTTP traffic detected: GET /scripttemplates/6.33.0/otBannerSdk.js HTTP/1.1Accept: application/javascript, */*;q=0.8Referer: https://www.avast.com/images/WXhVS_2FAVrU7RNQFAMFujb/aZ0qj63dDA/m6olxsuo9xSBIp6g2/AVPhCqCsDDni/153LBasglGZ/QX6qWL6ApOm_2B/eIGgL3tnVNmIv2mnflfDT/3CifOJ8skD8raBuc/SAbNMFVGVIBUYBB/34bc0VN_2Bo/eVngNF.aviAccept-Language: en-CHUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: cdn.cookielaw.orgConnection: Keep-Alive |
Source: global traffic | HTTP traffic detected: GET /dest5.html?d_nsid=0 HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, */*Referer: https://www.avast.com/images/WXhVS_2FAVrU7RNQFAMFujb/aZ0qj63dDA/m6olxsuo9xSBIp6g2/AVPhCqCsDDni/153LBasglGZ/QX6qWL6ApOm_2B/eIGgL3tnVNmIv2mnflfDT/3CifOJ8skD8raBuc/SAbNMFVGVIBUYBB/34bc0VN_2Bo/eVngNF.aviAccept-Language: en-CHUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: symantec.demdex.netConnection: Keep-AliveCookie: demdex=50343037636937159680511059771190338789 |
Source: global traffic | HTTP traffic detected: GET /consent/b680e9a8-3d45-4e4a-998f-7d05f89e4486/c3e7d6d5-2708-484c-a3a5-b8aa447868be/en.json HTTP/1.1Accept: */*Referer: https://www.avast.com/images/WXhVS_2FAVrU7RNQFAMFujb/aZ0qj63dDA/m6olxsuo9xSBIp6g2/AVPhCqCsDDni/153LBasglGZ/QX6qWL6ApOm_2B/eIGgL3tnVNmIv2mnflfDT/3CifOJ8skD8raBuc/SAbNMFVGVIBUYBB/34bc0VN_2Bo/eVngNF.aviAccept-Language: en-CHOrigin: https://www.avast.comAccept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: cdn.cookielaw.orgConnection: Keep-Alive |
Source: global traffic | HTTP traffic detected: GET /ibs:dpid=411&dpuuid=Zlcs9QAAABtdXQNe HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: https://www.avast.com/images/WXhVS_2FAVrU7RNQFAMFujb/aZ0qj63dDA/m6olxsuo9xSBIp6g2/AVPhCqCsDDni/153LBasglGZ/QX6qWL6ApOm_2B/eIGgL3tnVNmIv2mnflfDT/3CifOJ8skD8raBuc/SAbNMFVGVIBUYBB/34bc0VN_2Bo/eVngNF.aviAccept-Language: en-CHUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateConnection: Keep-AliveHost: dpm.demdex.netCookie: demdex=50343037636937159680511059771190338789 |
Source: global traffic | HTTP traffic detected: GET /pagead/landing?gcs=G111&gcd=13t3t3t3t5&rnd=566323352.1716989172&url=https%3A%2F%2Fwww.avast.com%2Fimages%2FWXhVS_2FAVrU7RNQFAMFujb%2FaZ0qj63dDA%2Fm6olxsuo9xSBIp6g2%2FAVPhCqCsDDni%2F153LBasglGZ%2FQX6qWL6ApOm_2B%2FeIGgL3tnVNmIv2mnflfDT%2F3CifOJ8skD8raBuc%2FSAbNMFVGVIBUYBB%2F34bc0VN_2Bo%2FeVngNF.avi&dma=0&npa=0&gtm=45He45m0n71PZ48F8v71039428za200&auid=1692554832.1716989172 HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: https://www.avast.com/images/WXhVS_2FAVrU7RNQFAMFujb/aZ0qj63dDA/m6olxsuo9xSBIp6g2/AVPhCqCsDDni/153LBasglGZ/QX6qWL6ApOm_2B/eIGgL3tnVNmIv2mnflfDT/3CifOJ8skD8raBuc/SAbNMFVGVIBUYBB/34bc0VN_2Bo/eVngNF.aviAccept-Language: en-CHUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.google.comConnection: Keep-Alive |
Source: global traffic | HTTP traffic detected: GET /c/hotjar-470805.js?sv=7 HTTP/1.1Accept: application/javascript, */*;q=0.8Referer: https://www.avast.com/images/WXhVS_2FAVrU7RNQFAMFujb/aZ0qj63dDA/m6olxsuo9xSBIp6g2/AVPhCqCsDDni/153LBasglGZ/QX6qWL6ApOm_2B/eIGgL3tnVNmIv2mnflfDT/3CifOJ8skD8raBuc/SAbNMFVGVIBUYBB/34bc0VN_2Bo/eVngNF.aviAccept-Language: en-CHUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: static.hotjar.comConnection: Keep-Alive |
Source: global traffic | HTTP traffic detected: GET /wi/ytc.js HTTP/1.1Accept: application/javascript, */*;q=0.8Referer: https://www.avast.com/images/WXhVS_2FAVrU7RNQFAMFujb/aZ0qj63dDA/m6olxsuo9xSBIp6g2/AVPhCqCsDDni/153LBasglGZ/QX6qWL6ApOm_2B/eIGgL3tnVNmIv2mnflfDT/3CifOJ8skD8raBuc/SAbNMFVGVIBUYBB/34bc0VN_2Bo/eVngNF.aviAccept-Language: en-CHUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: s.yimg.comConnection: Keep-Alive |
Source: global traffic | HTTP traffic detected: GET /scripttemplates/6.33.0/assets/otCenterRounded.json HTTP/1.1Accept: */*Referer: https://www.avast.com/images/WXhVS_2FAVrU7RNQFAMFujb/aZ0qj63dDA/m6olxsuo9xSBIp6g2/AVPhCqCsDDni/153LBasglGZ/QX6qWL6ApOm_2B/eIGgL3tnVNmIv2mnflfDT/3CifOJ8skD8raBuc/SAbNMFVGVIBUYBB/34bc0VN_2Bo/eVngNF.aviAccept-Language: en-CHOrigin: https://www.avast.comAccept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: cdn.cookielaw.orgConnection: Keep-Alive |
Source: global traffic | HTTP traffic detected: GET /api/mhubc.js HTTP/1.1Accept: application/javascript, */*;q=0.8Referer: https://www.avast.com/images/WXhVS_2FAVrU7RNQFAMFujb/aZ0qj63dDA/m6olxsuo9xSBIp6g2/AVPhCqCsDDni/153LBasglGZ/QX6qWL6ApOm_2B/eIGgL3tnVNmIv2mnflfDT/3CifOJ8skD8raBuc/SAbNMFVGVIBUYBB/34bc0VN_2Bo/eVngNF.aviAccept-Language: en-CHUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: mstatic.avast.comConnection: Keep-AliveCookie: AMCV_67C716D751E567F70A490D4C%40AdobeOrg=179643557%7CMCIDTS%7C19873%7CMCMID%7C50143117599020028650530509156322338900%7CMCAAMLH-1717593971%7C6%7CMCAAMB-1717593971%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1716996371s%7CNONE%7CvVersion%7C5.5.0; AMCVS_67C716D751E567F70A490D4C%40AdobeOrg=1; sdl_cid=1735890227.1716989172; _gcl_au=1.1.1692554832.1716989172 |
Source: global traffic | HTTP traffic detected: GET /scripttemplates/6.33.0/assets/otCommonStyles.css HTTP/1.1Accept: */*Referer: https://www.avast.com/images/WXhVS_2FAVrU7RNQFAMFujb/aZ0qj63dDA/m6olxsuo9xSBIp6g2/AVPhCqCsDDni/153LBasglGZ/QX6qWL6ApOm_2B/eIGgL3tnVNmIv2mnflfDT/3CifOJ8skD8raBuc/SAbNMFVGVIBUYBB/34bc0VN_2Bo/eVngNF.aviAccept-Language: en-CHOrigin: https://www.avast.comAccept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: cdn.cookielaw.orgConnection: Keep-Alive |
Source: global traffic | HTTP traffic detected: GET /active/avastcom.jsp HTTP/1.1Accept: application/javascript, */*;q=0.8Referer: https://www.avast.com/images/WXhVS_2FAVrU7RNQFAMFujb/aZ0qj63dDA/m6olxsuo9xSBIp6g2/AVPhCqCsDDni/153LBasglGZ/QX6qWL6ApOm_2B/eIGgL3tnVNmIv2mnflfDT/3CifOJ8skD8raBuc/SAbNMFVGVIBUYBB/34bc0VN_2Bo/eVngNF.aviAccept-Language: en-CHUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.upsellit.comConnection: Keep-Alive |
Source: global traffic | HTTP traffic detected: GET /scripttemplates/6.33.0/assets/v2/otPcPanel.json HTTP/1.1Accept: */*Referer: https://www.avast.com/images/WXhVS_2FAVrU7RNQFAMFujb/aZ0qj63dDA/m6olxsuo9xSBIp6g2/AVPhCqCsDDni/153LBasglGZ/QX6qWL6ApOm_2B/eIGgL3tnVNmIv2mnflfDT/3CifOJ8skD8raBuc/SAbNMFVGVIBUYBB/34bc0VN_2Bo/eVngNF.aviAccept-Language: en-CHOrigin: https://www.avast.comAccept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: cdn.cookielaw.orgConnection: Keep-Alive |
Source: global traffic | HTTP traffic detected: GET /pagead/landing?gcs=G111&gcd=13t3t3t3t5&rnd=566323352.1716989172&url=https%3A%2F%2Fwww.avast.com%2Fimages%2FWXhVS_2FAVrU7RNQFAMFujb%2FaZ0qj63dDA%2Fm6olxsuo9xSBIp6g2%2FAVPhCqCsDDni%2F153LBasglGZ%2FQX6qWL6ApOm_2B%2FeIGgL3tnVNmIv2mnflfDT%2F3CifOJ8skD8raBuc%2FSAbNMFVGVIBUYBB%2F34bc0VN_2Bo%2FeVngNF.avi&dma=0&npa=0&gtm=45He45m0n71PZ48F8v71039428za200&auid=1692554832.1716989172 HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: https://www.avast.com/images/WXhVS_2FAVrU7RNQFAMFujb/aZ0qj63dDA/m6olxsuo9xSBIp6g2/AVPhCqCsDDni/153LBasglGZ/QX6qWL6ApOm_2B/eIGgL3tnVNmIv2mnflfDT/3CifOJ8skD8raBuc/SAbNMFVGVIBUYBB/34bc0VN_2Bo/eVngNF.aviAccept-Language: en-CHUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateConnection: Keep-AliveHost: googleads.g.doubleclick.net |
Source: global traffic | HTTP traffic detected: GET /modules.7b6d7646601d8cd7fb5f.js HTTP/1.1Accept: application/javascript, */*;q=0.8Referer: https://www.avast.com/images/WXhVS_2FAVrU7RNQFAMFujb/aZ0qj63dDA/m6olxsuo9xSBIp6g2/AVPhCqCsDDni/153LBasglGZ/QX6qWL6ApOm_2B/eIGgL3tnVNmIv2mnflfDT/3CifOJ8skD8raBuc/SAbNMFVGVIBUYBB/34bc0VN_2Bo/eVngNF.aviAccept-Language: en-CHUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: script.hotjar.comConnection: Keep-Alive |
Source: global traffic | HTTP traffic detected: GET /wi/config/10156543.json HTTP/1.1Accept: */*Referer: https://www.avast.com/images/WXhVS_2FAVrU7RNQFAMFujb/aZ0qj63dDA/m6olxsuo9xSBIp6g2/AVPhCqCsDDni/153LBasglGZ/QX6qWL6ApOm_2B/eIGgL3tnVNmIv2mnflfDT/3CifOJ8skD8raBuc/SAbNMFVGVIBUYBB/34bc0VN_2Bo/eVngNF.aviAccept-Language: en-CHOrigin: https://www.avast.comAccept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: s.yimg.comConnection: Keep-Alive |
Source: global traffic | HTTP traffic detected: GET /activityi;src=4711400;type=globa0;cat=avast0;ord=1;num=1850339154548;npa=0;auiddc=1692554832.1716989172;u2=Product;u7=www.avast.com%2Fimages%2FWXhVS_2FAVrU7RNQFAMFujb%2FaZ0qj63dDA%2Fm6olxsuo9xSBIp6g2%2FAVPhCqCsDDni%2F153LBasglGZ%2FQX6qWL6ApOm_2B%2FeIGgL3tnVNmIv2mnflfDT%2F3CifOJ8skD8raBuc%2FSAbNMFVGVIBUYBB%2F34bc0VN_2Bo%2FeVngNF.avi;u8=;u17=undefined;pscdl=noapi;frm=0;gtm=45fe45m0v9181661103z871039428za201zb71039428;gcs=G111;gcd=13t3t3t3t5;dma=0;epver=2;~oref=https%3A%2F%2Fwww.avast.com%2Fimages%2FWXhVS_2FAVrU7RNQFAMFujb%2FaZ0qj63dDA%2Fm6olxsuo9xSBIp6g2%2FAVPhCqCsDDni%2F153LBasglGZ%2FQX6qWL6ApOm_2B%2FeIGgL3tnVNmIv2mnflfDT%2F3CifOJ8skD8raBuc%2FSAbNMFVGVIBUYBB%2F34bc0VN_2Bo%2FeVngNF.avi? HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, */*Referer: https://www.avast.com/images/WXhVS_2FAVrU7RNQFAMFujb/aZ0qj63dDA/m6olxsuo9xSBIp6g2/AVPhCqCsDDni/153LBasglGZ/QX6qWL6ApOm_2B/eIGgL3tnVNmIv2mnflfDT/3CifOJ8skD8raBuc/SAbNMFVGVIBUYBB/34bc0VN_2Bo/eVngNF.aviAccept-Language: en-CHUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: 4711400.fls.doubleclick.netConnection: Keep-Alive |
Source: global traffic | HTTP traffic detected: GET /en_US/fbevents.js HTTP/1.1Accept: application/javascript, */*;q=0.8Referer: https://www.avast.com/images/WXhVS_2FAVrU7RNQFAMFujb/aZ0qj63dDA/m6olxsuo9xSBIp6g2/AVPhCqCsDDni/153LBasglGZ/QX6qWL6ApOm_2B/eIGgL3tnVNmIv2mnflfDT/3CifOJ8skD8raBuc/SAbNMFVGVIBUYBB/34bc0VN_2Bo/eVngNF.aviAccept-Language: en-CHUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: connect.facebook.netConnection: Keep-Alive |
Source: global traffic | HTTP traffic detected: GET /trustboxes/5419b6ffb0d04a076446a9af/index.html?businessunitId=46d31466000064000500a775&templateId=5419b6ffb0d04a076446a9af HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, */*Referer: https://www.avast.com/images/WXhVS_2FAVrU7RNQFAMFujb/aZ0qj63dDA/m6olxsuo9xSBIp6g2/AVPhCqCsDDni/153LBasglGZ/QX6qWL6ApOm_2B/eIGgL3tnVNmIv2mnflfDT/3CifOJ8skD8raBuc/SAbNMFVGVIBUYBB/34bc0VN_2Bo/eVngNF.aviAccept-Language: en-CHUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: widget.trustpilot.comConnection: Keep-Alive |
Source: global traffic | HTTP traffic detected: GET /logos/static/powered_by_logo.svg HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: https://www.avast.com/images/WXhVS_2FAVrU7RNQFAMFujb/aZ0qj63dDA/m6olxsuo9xSBIp6g2/AVPhCqCsDDni/153LBasglGZ/QX6qWL6ApOm_2B/eIGgL3tnVNmIv2mnflfDT/3CifOJ8skD8raBuc/SAbNMFVGVIBUYBB/34bc0VN_2Bo/eVngNF.aviAccept-Language: en-CHUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: cdn.cookielaw.orgConnection: Keep-Alive |
Source: global traffic | HTTP traffic detected: GET /g/collect?v=2&tid=G-WZQ6MQ6RF3&cid=716345675.1716989174&gtm=45je45m0v894455947za200zb868619592&aip=1&dma=0&gcs=G111&gcd=13t3t3t3t5&npa=0&frm=0 HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: https://www.avast.com/images/WXhVS_2FAVrU7RNQFAMFujb/aZ0qj63dDA/m6olxsuo9xSBIp6g2/AVPhCqCsDDni/153LBasglGZ/QX6qWL6ApOm_2B/eIGgL3tnVNmIv2mnflfDT/3CifOJ8skD8raBuc/SAbNMFVGVIBUYBB/34bc0VN_2Bo/eVngNF.aviAccept-Language: en-CHUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: stats.g.doubleclick.netConnection: Keep-Alive |
Source: global traffic | HTTP traffic detected: GET /trustboxes/5419b6ffb0d04a076446a9af/main.js HTTP/1.1Accept: application/javascript, */*;q=0.8Referer: https://widget.trustpilot.com/trustboxes/5419b6ffb0d04a076446a9af/index.html?businessunitId=46d31466000064000500a775&templateId=5419b6ffb0d04a076446a9afAccept-Language: en-CHUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: widget.trustpilot.comConnection: Keep-Alive |
Source: global traffic | HTTP traffic detected: GET /g/collect?v=2&tid=G-WZQ6MQ6RF3&gtm=45je45m0v894455947za200zb868619592&_p=1716989170681&_gaz=1&gcs=G111&gcd=13t3t3t3t5&npa=0&dma=0&cid=716345675.1716989174&ul=en-ch&sr=1280x1024&ir=1&frm=0&pscdl=noapi&_eu=EA&_s=1&sid=1716989174&sct=1&seg=0&dl=https%3A%2F%2Fwww.avast.com%2Fimages%2FWXhVS_2FAVrU7RNQFAMFujb%2FaZ0qj63dDA%2Fm6olxsuo9xSBIp6g2%2FAVPhCqCsDDni%2F153LBasglGZ%2FQX6qWL6ApOm_2B%2FeIGgL3tnVNmIv2mnflfDT%2F3CifOJ8skD8raBuc%2FSAbNMFVGVIBUYBB%2F34bc0VN_2Bo%2FeVngNF.avi&dt=404%20Not%20Found&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&ep.admin_gtm_version=GTM-WPC6R3K%7C99%7Cfalse&ep.client_consent=C0001%3A1%2C%20C0003%3A1%2C%20C0002%3A1%2C%20BG270%3A1%2C%20C0004%3A1%2C%20C0005%3A1&ep.client_cid=1735890227.1716989172&ep.screen_src_cookie=999_a8e__null&ep.screen_unlocalized_path=www.avast.com%2Fimages%2FWXhVS_2FAVrU7RNQFAMFujb%2FaZ0qj63dDA%2Fm6olxsuo9xSBIp6g2%2FAVPhCqCsDDni%2F153LBasglGZ%2FQX6qWL6ApOm_2B%2FeIGgL3tnVNmIv2mnflfDT%2F3CifOJ8skD8raBuc%2FSAbNMFVGVIBUYBB%2F34bc0VN_2Bo%2FeVngNF.avi&ep.server_info=-%7C-%7C-&ep.session_secchua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20WOW64%3B%20Trident%2F7.0%3B%20.NET4.0C%3B%20.NET4.0E%3B%20.NET%20CLR%202.0.50727%3B%20.NET%20CLR%203.0.30729%3B%20.NET%20CLR%203.5.30729%3B%20rv%3A11.0)%20like%20Gecko&up.cmp_id=088863c3-1500-47ae-a7ff-6d3bc97cc3f1&tfd=4606 HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: https://www.avast.com/images/WXhVS_2FAVrU7RNQFAMFujb/aZ0qj63dDA/m6olxsuo9xSBIp6g2/AVPhCqCsDDni/153LBasglGZ/QX6qWL6ApOm_2B/eIGgL3tnVNmIv2mnflfDT/3CifOJ8skD8raBuc/SAbNMFVGVIBUYBB/34bc0VN_2Bo/eVngNF.aviAccept-Language: en-CHUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: analytics.google.comConnection: Keep-Alive |
Source: global traffic | HTTP traffic detected: GET /ddm/fls/z/src=4711400;type=globa0;cat=avast0;ord=1;num=1850339154548;npa=0;auiddc=*;u2=Product;u7=www.avast.com%2Fimages%2FWXhVS_2FAVrU7RNQFAMFujb%2FaZ0qj63dDA%2Fm6olxsuo9xSBIp6g2%2FAVPhCqCsDDni%2F153LBasglGZ%2FQX6qWL6ApOm_2B%2FeIGgL3tnVNmIv2mnflfDT%2F3CifOJ8skD8raBuc%2FSAbNMFVGVIBUYBB%2F34bc0VN_2Bo%2FeVngNF.avi;u8=;u17=undefined;pscdl=noapi;frm=0;gtm=45fe45m0v9181661103z871039428za201zb71039428;gcs=G111;gcd=13t3t3t3t5;dma=0;epver=2;~oref=https%3A%2F%2Fwww.avast.com%2Fimages%2FWXhVS_2FAVrU7RNQFAMFujb%2FaZ0qj63dDA%2Fm6olxsuo9xSBIp6g2%2FAVPhCqCsDDni%2F153LBasglGZ%2FQX6qWL6ApOm_2B%2FeIGgL3tnVNmIv2mnflfDT%2F3CifOJ8skD8raBuc%2FSAbNMFVGVIBUYBB%2F34bc0VN_2Bo%2FeVngNF.avi HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: https://4711400.fls.doubleclick.net/activityi;src=4711400;type=globa0;cat=avast0;ord=1;num=1850339154548;npa=0;auiddc=1692554832.1716989172;u2=Product;u7=www.avast.com%2Fimages%2FWXhVS_2FAVrU7RNQFAMFujb%2FaZ0qj63dDA%2Fm6olxsuo9xSBIp6g2%2FAVPhCqCsDDni%2F153LBasglGZ%2FQX6qWL6ApOm_2B%2FeIGgL3tnVNmIv2mnflfDT%2F3CifOJ8skD8raBuc%2FSAbNMFVGVIBUYBB%2F34bc0VN_2Bo%2FeVngNF.avi;u8=;u17=undefined;pscdl=noapi;frm=0;gtm=45fe45m0v9181661103z871039428za201zb71039428;gcs=G111;gcd=13t3t3t3t5;dma=0;epver=2;~oref=https%3A%2F%2Fwww.avast.com%2Fimages%2FWXhVS_2FAVrU7RNQFAMFujb%2FaZ0qj63dDA%2Fm6olxsuo9xSBIp6g2%2FAVPhCqCsDDni%2F153LBasglGZ%2FQX6qWL6ApOm_2B%2FeIGgL3tnVNmIv2mnflfDT%2F3CifOJ8skD8raBuc%2FSAbNMFVGVIBUYBB%2F34bc0VN_2Bo%2FeVngNF.avi?Accept-Language: en-CHUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: adservice.google.comConnection: Keep-Alive |
Source: global traffic | HTTP traffic detected: GET /stats/TrustboxImpression?cmpName=trustpilot&scrollToList=true&noReviews=hide&stars=1%2C2%2C3%2C4%2C5&theme=light&locale=en-ww&url=https%3A%2F%2Fwww.avast.com%2Fimages%2FWXhVS_2FAVrU7RNQFAMFujb%2FaZ0qj63dDA%2Fm6olxsuo9xSBIp6g2%2FAVPhCqCsDDni%2F153LBasglGZ%2FQX6qWL6ApOm_2B%2FeIGgL3tnVNmIv2mnflfDT%2F3CifOJ8skD8raBuc%2FSAbNMFVGVIBUYBB%2F34bc0VN_2Bo%2FeVngNF.avi%23pc&referrer=&userAgent=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20WOW64%3B%20Trident%2F7.0%3B%20.NET4.0C%3B%20.NET4.0E%3B%20.NET%20CLR%202.0.50727%3B%20.NET%20CLR%203.0.30729%3B%20.NET%20CLR%203.5.30729%3B%20rv%3A11.0)%20like%20Gecko&language=en-CH&platform=Win32&nosettings=1&businessUnitId=46d31466000064000500a775&widgetId=5419b6ffb0d04a076446a9af HTTP/1.1Accept: */*Content-type: application/x-www-form-urlencodedReferer: https://widget.trustpilot.com/trustboxes/5419b6ffb0d04a076446a9af/index.html?businessunitId=46d31466000064000500a775&templateId=5419b6ffb0d04a076446a9afAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: widget.trustpilot.comConnection: Keep-Alive |
Source: global traffic | HTTP traffic detected: GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-58120669-2&cid=716345675.1716989174&jid=593781856&_u=YDDACUQABAQCACAHKg~&z=956945421 HTTP/1.1 Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5 Referer: https://www.avast.com/images/WXhVS_2FAVrU7RNQFAMFujb/aZ0qj63dDA/m6olxsuo9xSBIp6g2/AVPhCqCsDDni/153LBasglGZ/QX6qWL6ApOm_2B/eIGgL3tnVNmIv2mnflfDT/3CifOJ8skD8raBuc/SAbNMFVGVIBUYBB/34bc0VN_2Bo/eVngNF.avi Accept-Language: en-CH User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate Host: www.google.com Connection: Keep-Alive |
Source: global traffic | HTTP traffic detected: GET /images/WXhVS_2FAVrU7RNQFAMFujb/aZ0qj63dDA/m6olxsuo9xSBIp6g2/AVPhCqCsDDni/153LBasglGZ/QX6qWL6ApOm_2B/eIGgL3tnVNmIv2mnflfDT/3CifOJ8skD8raBuc/SAbNMFVGVIBUYBB/34bc0VN_2Bo/eVngNF.avi HTTP/1.1 Accept: text/html, application/xhtml+xml, image/jxr, */* Accept-Language: en-CH User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate Host: avast.com Connection: Keep-Alive |
Source: 94.exe, 00000000.00000003.2489923235.0000000000C94000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: !function(b,e,f,g,a,c,d){b.fbq||(a=b.fbq=function(){a.callMethod?a.callMethod.apply(a,arguments):a.queue.push(arguments)},b._fbq||(b._fbq=a),a.push=a,a.loaded=!0,a.version="2.0",a.queue=[],c=e.createElement(f),c.async=!0,c.src=g,d=e.getElementsByTagName(f)[0],d.parentNode.insertBefore(c,d))}(window,document,"script","https://connect.facebook.net/en_US/fbevents.js");fbq("set","autoConfig",!1,"334783782127169");fbq("init","334783782127169");fbq("track","PageView"); <img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=334783782127169&ev=PageView&noscript=1"> equals www.facebook.com (Facebook) |
Source: fbevents[1].js.20.dr | String found in binary or memory: (function(a,b,c,d){var e={exports:{}};e.exports;(function(){var f=a.fbq;f.execStart=a.performance&&a.performance.now&&a.performance.now();if(!function(){var b=a.postMessage||function(){};if(!f){b({action:"FB_LOG",logType:"Facebook Pixel Error",logMessage:"Pixel code is not installed correctly on this page"},"*");"error"in console&&console.error("Facebook Pixel Error: Pixel code is not installed correctly on this page");return!1}return!0}())return;f.__fbeventsModules||(f.__fbeventsModules={},f.__fbeventsResolvedModules={},f.getFbeventsModules=function(a){f.__fbeventsResolvedModules[a]||(f.__fbeventsResolvedModules[a]=f.__fbeventsModules[a]());return f.__fbeventsResolvedModules[a]},f.fbIsModuleLoaded=function(a){return!!f.__fbeventsModules[a]},f.ensureModuleRegistered=function(b,a){f.fbIsModuleLoaded(b)||(f.__fbeventsModules[b]=a)});f.ensureModuleRegistered("signalsFBEventsGetIwlUrl",function(){return function(a,b,c,d){var e={exports:{}};e.exports;(function(){"use strict";var b=f.getFbeventsModules("signalsFBEventsGetTier"),c=d();function d(){try{if(a.trustedTypes&&a.trustedTypes.createPolicy){var b=a.trustedTypes;return b.createPolicy("facebook.com/signals/iwl",{createScriptURL:function(a){var b=new URL(a);b=b.hostname.endsWith(".facebook.com")&&b.pathname=="/signals/iwl.js";if(!b)throw new Error("Disallowed script URL");return a}})}}catch(a){}return null}e.exports=function(a,d){d=b(d);d=d==null?"www.facebook.com":"www."+d+".facebook.com";d="https://"+d+"/signals/iwl.js?pixel_id="+a;if(c!=null)return c.createScriptURL(d);else return d}})();return e.exports}(a,b,c,d)});f.ensureModuleRegistered("signalsFBEventsGetTier",function(){return function(f,b,c,d){var e={exports:{}};e.exports;(function(){"use strict";var a=/^https:\/\/www\.([A-Za-z0-9\.]+)\.facebook\.com\/tr\/?$/,b=["https://www.facebook.com/tr","https://www.facebook.com/tr/"];e.exports=function(c){if(b.indexOf(c)!==-1)return null;var 
d=a.exec(c);if(d==null)throw new Error("Malformed tier: "+c);return d[1]}})();return e.exports}(a,b,c,d)});f.ensureModuleRegistered("SignalsFBEvents.plugins.iwlbootstrapper",function(){return function(a,b,c,d){var e={exports:{}};e.exports;(function(){"use strict";var c=f.getFbeventsModules("SignalsFBEventsIWLBootStrapEvent"),d=f.getFbeventsModules("SignalsFBEventsLogging"),g=f.getFbeventsModules("SignalsFBEventsNetworkConfig"),h=f.getFbeventsModules("SignalsFBEventsPlugin"),i=f.getFbeventsModules("signalsFBEventsGetIwlUrl"),j=f.getFbeventsMod |