www.gdatasoftware.com Open in urlscan Pro
212.23.151.164 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.gdatasoftware.com/blog/icerat-evades-antivirus-by-using-jphp
Submission Tags: falconsandbox
Submission: On December 02 via api (December 2nd 2020, 12:15:38 am UTC) from US

Summary HTTP 29 Redirects Links 12 Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 1 domains to perform 29 HTTP transactions. The main IP is 212.23.151.164, located in Bochum, Germany and belongs to TMR, DE. The main domain is www.gdatasoftware.com.
TLS certificate: Issued by Sectigo RSA Organization Validation S... on May 19th 2020. Valid for: 2 years.

This is the only time www.gdatasoftware.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
26	212.23.151.164 212.23.151.164	12329 (TMR) (TMR)
3	85.25.214.59 85.25.214.59	8972 (GD-EMEA-D...) (GD-EMEA-DC-SXB1)
29	2

26 212.23.151.164 (Bochum, Germany)

ASN12329 (TMR, DE)

www.gdatasoftware.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 85.25.214.59 (Germany)

ASN8972 (GD-EMEA-DC-SXB1, DE)
PTR: malta1055.startdedicated.com

file.gdatasoftware.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
29	gdatasoftware.com www.gdatasoftware.com file.gdatasoftware.com	3 MB
29	1

	Domain	Requested by
26	www.gdatasoftware.com	www.gdatasoftware.com
3	file.gdatasoftware.com	www.gdatasoftware.com
29	2

This site contains links to these domains. Also see Links.

Domain
www.gdata.de
feeds.feedblitz.com
malwaretips.com
twitter.com
www.xing.com
www.linkedin.com
www.facebook.com
reddit.com
www.youtube.com

Subject Issuer	Validity	Valid
*.gdatasoftware.com Sectigo RSA Organization Validation Secure Server CA	`2020-05-19` - `2022-08-17`	2 years	crt.sh

This page contains 1 frames:

Primary Page: https://www.gdatasoftware.com/blog/icerat-evades-antivirus-by-using-jphp
Frame ID: 460D38AF7FC2364442DE1D15BAE7E135
Requests: 29 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

TYPO3 CMS (CMS) Expand

Overall confidence: 100%
Detected patterns

meta generator /TYPO3\s+(?:CMS\s+)?([\d.]+)?(?:\s+CMS)?/i

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

meta generator /TYPO3\s+(?:CMS\s+)?([\d.]+)?(?:\s+CMS)?/i

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i

Page Statistics

29
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

2
Subdomains

2
IPs

1
Countries

2814 kB
Transfer

3229 kB
Size

0
Cookies

12 Outgoing links

These are links going to different origins than the main page.

URL: https://www.gdata.de/blog
Title:

Search URL Search Domain Scan URL

URL: https://feeds.feedblitz.com/GDataSecurityBlog-EN&x=1
Title:

Search URL Search Domain Scan URL

URL: https://malwaretips.com/members/mcmcbrad.89360/
Title: McMcbrad

Search URL Search Domain Scan URL

URL: https://malwaretips.com/
Title: Malwaretips.com

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?text=IceRat%20evades%20antivirus%20by%20running%20PHP%20on%20Java%20VM%20%7C%20G%20DATA&url=https%3A%2F%2Fwww.gdatasoftware.com%2Fblog%2Ficerat-evades-antivirus-by-using-jphp&via=GDATA

Search URL Search Domain Scan URL

URL: https://www.xing.com/spi/shares/new?url=https%3A%2F%2Fwww.gdatasoftware.com%2Fblog%2Ficerat-evades-antivirus-by-using-jphp

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/shareArticle?mini=true&summary=IceRat%20keeps%20low%20detections%20rates%20for%20weeks%20by%20using%20an%20unusual%20language%20implementation%3A%20JPHP.%20But%20there%20are%20more%20reasons%20than%20the%20choice%20of%20the%20compiler.%20This%20article%20explores%20IceRat%20and%20explains%20a%20way%20to%20analyze%20JPHP%20malware.&title=IceRat%20evades%20antivirus%20by%20running%20PHP%20on%20Java%20VM%20%7C%20G%20DATA&url=https%3A%2F%2Fwww.gdatasoftware.com%2Fblog%2Ficerat-evades-antivirus-by-using-jphp

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww.gdatasoftware.com%2Fblog%2Ficerat-evades-antivirus-by-using-jphp

Search URL Search Domain Scan URL

URL: https://reddit.com/submit?url=https%3A%2F%2Fwww.gdatasoftware.com%2Fblog%2Ficerat-evades-antivirus-by-using-jphp&title=IceRat%20evades%20antivirus%20by%20running%20PHP%20on%20Java%20VM%20%7C%20G%20DATA

Search URL Search Domain Scan URL

URL: https://www.facebook.com/gdatasoftwareag

Search URL Search Domain Scan URL

URL: https://twitter.com/GDATA

Search URL Search Domain Scan URL

URL: https://www.youtube.com/user/GDataSoftwareAG

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

29 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request icerat-evades-antivirus-by-using-jphp Show response
www.gdatasoftware.com/blog/ 42 KB
14 KB 112ms
37ms Document
text/html 212.23.151.164
TMR

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gdatasoftware.com/blog/icerat-evades-antivirus-by-using-jphp

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

212.23.151.164 Bochum, Germany, ASN12329 (TMR, DE),

Reverse DNS

Software

nginx /

Resource Hash

539c9446dcfe7fa9ae3d2a25f69479d9f4737b8d4c0938b2fc51984b903532e9

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .gdata.de .gdata.ch .gdata.fr .gdata.at .gdata.nl .gdata.it .gdata.be .gdata.es .gdata.pt .gdatasoftware.co.uk .gdatasoftware.com .gdata-software.com .gdata-advancedanalytics.de .gdata-advancedanalytics.com .gdata.co.jp .gdata-china.com .gdata-hongkong.com .inventorofantivirus.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Host: www.gdatasoftware.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Server: nginx
Date: Wed, 02 Dec 2020 00:15:21 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age: 43200
Content-Encoding: gzip
Content-Language: en
Etag: W/"2eb769cb890eab6d5f29d94f6facb2ae"
Expires: Mon, 14 Dec 2020 23:00:00 GMT
Pragma: public
GD_COUNTRY_CODE: GB
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: frame-ancestors 'self' *.gdata.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata-advancedanalytics.com *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com;
X-Xss-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer-when-downgrade

GET
H/1.1 200
OK vhs-assets-5b9de08ed4381d6d419362e5ce725858.css
www.gdatasoftware.com/typo3temp/assets/ 181 KB
35 KB 37ms
36ms Stylesheet
text/css 212.23.151.164
TMR

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gdatasoftware.com/typo3temp/assets/vhs-assets-5b9de08ed4381d6d419362e5ce725858.css?1606507686

Requested by

Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/blog/icerat-evades-antivirus-by-using-jphp

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

212.23.151.164 Bochum, Germany, ASN12329 (TMR, DE),

Reverse DNS

Software

nginx /

Resource Hash

273f606321a3f43af17183081ea17959f5e90505850aad7d443281dd09f73c7c

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .gdata.de .gdata.ch .gdata.fr .gdata.at .gdata.nl .gdata.it .gdata.be .gdata.es .gdata.pt .gdatasoftware.co.uk .gdatasoftware.com .gdata-software.com .gdata-advancedanalytics.de .gdata-advancedanalytics.com .gdata.co.jp .gdata-china.com .gdata-hongkong.com .inventorofantivirus.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.gdatasoftware.com/blog/icerat-evades-antivirus-by-using-jphp
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 02 Dec 2020 00:15:21 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Transfer-Encoding: chunked
Connection: keep-alive
X-Xss-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Tue, 01 Dec 2020 17:28:17 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN
Etag: W/"5fc67d31-2d425"
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: text/css
Cache-Control: max-age=43200
Content-Security-Policy: frame-ancestors 'self' *.gdata.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata-advancedanalytics.com *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com;
Expires: Wed, 02 Dec 2020 12:15:21 GMT

GET
H/1.1 200
OK vhs-assets-1b134abf3ac2eb960301b83b9d6c2ff4.js Show response
www.gdatasoftware.com/typo3temp/assets/ 109 KB
39 KB 105ms
58ms Script
application/javascript 212.23.151.164
TMR

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gdatasoftware.com/typo3temp/assets/vhs-assets-1b134abf3ac2eb960301b83b9d6c2ff4.js?1606825240

Requested by

Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/blog/icerat-evades-antivirus-by-using-jphp

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

212.23.151.164 Bochum, Germany, ASN12329 (TMR, DE),

Reverse DNS

Software

nginx /

Resource Hash

d8943a697b9c2a188d99c20145b16849ec3e2feac56c4771980cc92bcca72d85

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .gdata.de .gdata.ch .gdata.fr .gdata.at .gdata.nl .gdata.it .gdata.be .gdata.es .gdata.pt .gdatasoftware.co.uk .gdatasoftware.com .gdata-software.com .gdata-advancedanalytics.de .gdata-advancedanalytics.com .gdata.co.jp .gdata-china.com .gdata-hongkong.com .inventorofantivirus.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.gdatasoftware.com/blog/icerat-evades-antivirus-by-using-jphp
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 02 Dec 2020 00:15:21 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Transfer-Encoding: chunked
Connection: keep-alive
X-Xss-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Wed, 02 Dec 2020 00:12:12 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN
Etag: W/"5fc6dbdc-1b407"
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: application/javascript
Cache-Control: max-age=43200
Content-Security-Policy: frame-ancestors 'self' *.gdata.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata-advancedanalytics.com *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com;
Expires: Wed, 02 Dec 2020 12:15:21 GMT

GET
H/1.1 200
OK logo_claim_white.png
www.gdatasoftware.com/typo3conf/ext/gd_sites/Resources/Public/Images/ 3 KB
3 KB 24ms
24ms Image
image/png 212.23.151.164
TMR

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gdatasoftware.com/typo3conf/ext/gd_sites/Resources/Public/Images/logo_claim_white.png

Requested by

Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/blog/icerat-evades-antivirus-by-using-jphp

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

212.23.151.164 Bochum, Germany, ASN12329 (TMR, DE),

Reverse DNS

Software

nginx /

Resource Hash

211965735fd707f91c38ac8508801e7fd74a7b54662282fdf6b76aedcebeed40

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .gdata.de .gdata.ch .gdata.fr .gdata.at .gdata.nl .gdata.it .gdata.be .gdata.es .gdata.pt .gdatasoftware.co.uk .gdatasoftware.com .gdata-software.com .gdata-advancedanalytics.de .gdata-advancedanalytics.com .gdata.co.jp .gdata-china.com .gdata-hongkong.com .inventorofantivirus.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.gdatasoftware.com/blog/icerat-evades-antivirus-by-using-jphp
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 02 Dec 2020 00:15:21 GMT
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 2583
X-Xss-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Fri, 20 Nov 2020 12:50:18 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN
Etag: "5fb7bb8a-a17"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/png
Cache-Control: max-age=3628800
Content-Security-Policy: frame-ancestors 'self' *.gdata.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata-advancedanalytics.com *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com;
Accept-Ranges: bytes
Expires: Wed, 13 Jan 2021 00:15:21 GMT

GET
H/1.1 200
OK DE.svg
www.gdatasoftware.com/typo3conf/ext/gd_sites/Resources/Public/Images/Flags/ 966 B
1 KB 28ms
24ms Image
image/svg+xml 212.23.151.164
TMR

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gdatasoftware.com/typo3conf/ext/gd_sites/Resources/Public/Images/Flags/DE.svg

Requested by

Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/blog/icerat-evades-antivirus-by-using-jphp

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

212.23.151.164 Bochum, Germany, ASN12329 (TMR, DE),

Reverse DNS

Software

nginx /

Resource Hash

19d66a51d12c87c2c254f61d3dc66f4765bc852b03138e4b38ed5fbc3dd01d19

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .gdata.de .gdata.ch .gdata.fr .gdata.at .gdata.nl .gdata.it .gdata.be .gdata.es .gdata.pt .gdatasoftware.co.uk .gdatasoftware.com .gdata-software.com .gdata-advancedanalytics.de .gdata-advancedanalytics.com .gdata.co.jp .gdata-china.com .gdata-hongkong.com .inventorofantivirus.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.gdatasoftware.com/blog/icerat-evades-antivirus-by-using-jphp
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 02 Dec 2020 00:15:21 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Transfer-Encoding: chunked
Connection: keep-alive
X-Xss-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Fri, 20 Nov 2020 12:50:18 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN
Etag: W/"5fb7bb8a-3c6"
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/svg+xml
Cache-Control: max-age=3628800
Content-Security-Policy: frame-ancestors 'self' *.gdata.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata-advancedanalytics.com *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com;
Expires: Wed, 13 Jan 2021 00:15:21 GMT

GET
H/1.1 200
OK jphp_unpacked_files.png
www.gdatasoftware.com/fileadmin/user_upload/Presse/Deutschland/2020/12/ 37 KB
38 KB 26ms
22ms Image
image/png 212.23.151.164
TMR

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gdatasoftware.com/fileadmin/user_upload/Presse/Deutschland/2020/12/jphp_unpacked_files.png

Requested by

Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/blog/icerat-evades-antivirus-by-using-jphp

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

212.23.151.164 Bochum, Germany, ASN12329 (TMR, DE),

Reverse DNS

Software

nginx /

Resource Hash

2bc1ef33c6f4611f6d5f8964640ffc5e1ff07fed3347e6ca703d95e0f4ba2b49

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .gdata.de .gdata.ch .gdata.fr .gdata.at .gdata.nl .gdata.it .gdata.be .gdata.es .gdata.pt .gdatasoftware.co.uk .gdatasoftware.com .gdata-software.com .gdata-advancedanalytics.de .gdata-advancedanalytics.com .gdata.co.jp .gdata-china.com .gdata-hongkong.com .inventorofantivirus.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.gdatasoftware.com/blog/icerat-evades-antivirus-by-using-jphp
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 02 Dec 2020 00:15:21 GMT
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 38247
X-Xss-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Tue, 01 Dec 2020 10:28:15 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN
Etag: "5fc61abf-9567"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/png
Cache-Control: max-age=3628800
Content-Security-Policy: frame-ancestors 'self' *.gdata.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata-advancedanalytics.com *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com;
Accept-Ranges: bytes
Expires: Wed, 13 Jan 2021 00:15:21 GMT

GET
H/1.1 200
OK jphp_application_conf.png
www.gdatasoftware.com/fileadmin/user_upload/Presse/Deutschland/2020/12/ 8 KB
9 KB 57ms
28ms Image
image/png 212.23.151.164
TMR

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gdatasoftware.com/fileadmin/user_upload/Presse/Deutschland/2020/12/jphp_application_conf.png

Requested by

Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/blog/icerat-evades-antivirus-by-using-jphp

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

212.23.151.164 Bochum, Germany, ASN12329 (TMR, DE),

Reverse DNS

Software

nginx /

Resource Hash

066ab94abfe8828d542207561698426e7e8879d3d6c8fde21c4053abf1d98997

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .gdata.de .gdata.ch .gdata.fr .gdata.at .gdata.nl .gdata.it .gdata.be .gdata.es .gdata.pt .gdatasoftware.co.uk .gdatasoftware.com .gdata-software.com .gdata-advancedanalytics.de .gdata-advancedanalytics.com .gdata.co.jp .gdata-china.com .gdata-hongkong.com .inventorofantivirus.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.gdatasoftware.com/blog/icerat-evades-antivirus-by-using-jphp
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 02 Dec 2020 00:15:21 GMT
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 8634
X-Xss-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Tue, 01 Dec 2020 10:28:16 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN
Etag: "5fc61ac0-21ba"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/png
Cache-Control: max-age=3628800
Content-Security-Policy: frame-ancestors 'self' *.gdata.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata-advancedanalytics.com *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com;
Accept-Ranges: bytes
Expires: Wed, 13 Jan 2021 00:15:21 GMT

GET
H/1.1 200
OK jphp_cafebabe.png
www.gdatasoftware.com/fileadmin/user_upload/Presse/Deutschland/2020/12/ 74 KB
75 KB 88ms
41ms Image
image/png 212.23.151.164
TMR

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gdatasoftware.com/fileadmin/user_upload/Presse/Deutschland/2020/12/jphp_cafebabe.png

Requested by

Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/blog/icerat-evades-antivirus-by-using-jphp

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

212.23.151.164 Bochum, Germany, ASN12329 (TMR, DE),

Reverse DNS

Software

nginx /

Resource Hash

07690743c425771982a0ba5fdc3a98c7f57e30f0d10e91632630363a33a7873a

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .gdata.de .gdata.ch .gdata.fr .gdata.at .gdata.nl .gdata.it .gdata.be .gdata.es .gdata.pt .gdatasoftware.co.uk .gdatasoftware.com .gdata-software.com .gdata-advancedanalytics.de .gdata-advancedanalytics.com .gdata.co.jp .gdata-china.com .gdata-hongkong.com .inventorofantivirus.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.gdatasoftware.com/blog/icerat-evades-antivirus-by-using-jphp
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 02 Dec 2020 00:15:21 GMT
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 75562
X-Xss-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Tue, 01 Dec 2020 10:28:17 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN
Etag: "5fc61ac1-1272a"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/png
Cache-Control: max-age=3628800
Content-Security-Policy: frame-ancestors 'self' *.gdata.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata-advancedanalytics.com *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com;
Accept-Ranges: bytes
Expires: Wed, 13 Jan 2021 00:15:21 GMT

GET
H/1.1 200
OK jphp_cafebabe2.png
www.gdatasoftware.com/fileadmin/user_upload/Presse/Deutschland/2020/12/ 82 KB
83 KB 91ms
42ms Image
image/png 212.23.151.164
TMR

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gdatasoftware.com/fileadmin/user_upload/Presse/Deutschland/2020/12/jphp_cafebabe2.png

Requested by

Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/blog/icerat-evades-antivirus-by-using-jphp

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

212.23.151.164 Bochum, Germany, ASN12329 (TMR, DE),

Reverse DNS

Software

nginx /

Resource Hash

12357f80839b4375f6baccfa042cc2b71695547f08ebc84e77b26743e2c1fc24

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .gdata.de .gdata.ch .gdata.fr .gdata.at .gdata.nl .gdata.it .gdata.be .gdata.es .gdata.pt .gdatasoftware.co.uk .gdatasoftware.com .gdata-software.com .gdata-advancedanalytics.de .gdata-advancedanalytics.com .gdata.co.jp .gdata-china.com .gdata-hongkong.com .inventorofantivirus.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.gdatasoftware.com/blog/icerat-evades-antivirus-by-using-jphp
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 02 Dec 2020 00:15:21 GMT
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 83816
X-Xss-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Tue, 01 Dec 2020 10:28:17 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN
Etag: "5fc61ac1-14768"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/png
Cache-Control: max-age=3628800
Content-Security-Policy: frame-ancestors 'self' *.gdata.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata-advancedanalytics.com *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com;
Accept-Ranges: bytes
Expires: Wed, 13 Jan 2021 00:15:21 GMT

GET
H/1.1 200
OK jphp_beforedeobfus_e018e57d12.png
www.gdatasoftware.com/fileadmin/_processed_/6/1/ 259 KB
260 KB 91ms
42ms Image
image/png 212.23.151.164
TMR

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gdatasoftware.com/fileadmin/_processed_/6/1/jphp_beforedeobfus_e018e57d12.png

Requested by

Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/blog/icerat-evades-antivirus-by-using-jphp

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

212.23.151.164 Bochum, Germany, ASN12329 (TMR, DE),

Reverse DNS

Software

nginx /

Resource Hash

2de12b2016e643a165c3ad496b9c726925951bd34642863e868f86fd92304c46

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .gdata.de .gdata.ch .gdata.fr .gdata.at .gdata.nl .gdata.it .gdata.be .gdata.es .gdata.pt .gdatasoftware.co.uk .gdatasoftware.com .gdata-software.com .gdata-advancedanalytics.de .gdata-advancedanalytics.com .gdata.co.jp .gdata-china.com .gdata-hongkong.com .inventorofantivirus.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.gdatasoftware.com/blog/icerat-evades-antivirus-by-using-jphp
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 02 Dec 2020 00:15:21 GMT
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 265554
X-Xss-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Tue, 01 Dec 2020 10:29:03 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN
Etag: "5fc61aef-40d52"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/png
Cache-Control: max-age=3628800
Content-Security-Policy: frame-ancestors 'self' *.gdata.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata-advancedanalytics.com *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com;
Accept-Ranges: bytes
Expires: Wed, 13 Jan 2021 00:15:21 GMT

GET
H/1.1 200
OK jphp_afterdeobfus_6dc59add1f.png
www.gdatasoftware.com/fileadmin/_processed_/8/6/ 145 KB
145 KB 73ms
48ms Image
image/png 212.23.151.164
TMR

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gdatasoftware.com/fileadmin/_processed_/8/6/jphp_afterdeobfus_6dc59add1f.png

Requested by

Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/blog/icerat-evades-antivirus-by-using-jphp

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

212.23.151.164 Bochum, Germany, ASN12329 (TMR, DE),

Reverse DNS

Software

nginx /

Resource Hash

bb51833f1159ff13e97f7f613b9fc9f31b1d724e442fd613bee830e45488c582

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .gdata.de .gdata.ch .gdata.fr .gdata.at .gdata.nl .gdata.it .gdata.be .gdata.es .gdata.pt .gdatasoftware.co.uk .gdatasoftware.com .gdata-software.com .gdata-advancedanalytics.de .gdata-advancedanalytics.com .gdata.co.jp .gdata-china.com .gdata-hongkong.com .inventorofantivirus.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.gdatasoftware.com/blog/icerat-evades-antivirus-by-using-jphp
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 02 Dec 2020 00:15:21 GMT
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 148039
X-Xss-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Tue, 01 Dec 2020 10:29:04 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN
Etag: "5fc61af0-24247"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/png
Cache-Control: max-age=3628800
Content-Security-Policy: frame-ancestors 'self' *.gdata.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata-advancedanalytics.com *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com;
Accept-Ranges: bytes
Expires: Wed, 13 Jan 2021 00:15:21 GMT

GET
H/1.1 200
OK IceRat_infection_chain.png
www.gdatasoftware.com/fileadmin/user_upload/Presse/Deutschland/2020/12/ 109 KB
109 KB 29ms
29ms Image
image/png 212.23.151.164
TMR

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gdatasoftware.com/fileadmin/user_upload/Presse/Deutschland/2020/12/IceRat_infection_chain.png

Requested by

Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/blog/icerat-evades-antivirus-by-using-jphp

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

212.23.151.164 Bochum, Germany, ASN12329 (TMR, DE),

Reverse DNS

Software

nginx /

Resource Hash

8b038804a8ec09033229a78d0ef08c05b1e45ac636f841768e48c90b643fbd27

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .gdata.de .gdata.ch .gdata.fr .gdata.at .gdata.nl .gdata.it .gdata.be .gdata.es .gdata.pt .gdatasoftware.co.uk .gdatasoftware.com .gdata-software.com .gdata-advancedanalytics.de .gdata-advancedanalytics.com .gdata.co.jp .gdata-china.com .gdata-hongkong.com .inventorofantivirus.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.gdatasoftware.com/blog/icerat-evades-antivirus-by-using-jphp
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 02 Dec 2020 00:15:21 GMT
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 111263
X-Xss-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Tue, 01 Dec 2020 10:28:22 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN
Etag: "5fc61ac6-1b29f"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/png
Cache-Control: max-age=3628800
Content-Security-Policy: frame-ancestors 'self' *.gdata.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata-advancedanalytics.com *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com;
Accept-Ranges: bytes
Expires: Wed, 13 Jan 2021 00:15:21 GMT

GET
H/1.1 200
OK cryptotab_window.png
www.gdatasoftware.com/fileadmin/user_upload/Presse/Deutschland/2020/12/ 10 KB
11 KB 24ms
24ms Image
image/png 212.23.151.164
TMR

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gdatasoftware.com/fileadmin/user_upload/Presse/Deutschland/2020/12/cryptotab_window.png

Requested by

Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/blog/icerat-evades-antivirus-by-using-jphp

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

212.23.151.164 Bochum, Germany, ASN12329 (TMR, DE),

Reverse DNS

Software

nginx /

Resource Hash

dfa5775e3c5f5ea99ab89d46d2324984e34c4833706e2e8ad18702db9b99b140

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .gdata.de .gdata.ch .gdata.fr .gdata.at .gdata.nl .gdata.it .gdata.be .gdata.es .gdata.pt .gdatasoftware.co.uk .gdatasoftware.com .gdata-software.com .gdata-advancedanalytics.de .gdata-advancedanalytics.com .gdata.co.jp .gdata-china.com .gdata-hongkong.com .inventorofantivirus.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.gdatasoftware.com/blog/icerat-evades-antivirus-by-using-jphp
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 02 Dec 2020 00:15:21 GMT
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 10159
X-Xss-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Tue, 01 Dec 2020 10:28:20 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN
Etag: "5fc61ac4-27af"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/png
Cache-Control: max-age=3628800
Content-Security-Policy: frame-ancestors 'self' *.gdata.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata-advancedanalytics.com *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com;
Accept-Ranges: bytes
Expires: Wed, 13 Jan 2021 00:15:21 GMT

GET
H/1.1 200
OK jphp_logfilelisting.png
www.gdatasoftware.com/fileadmin/user_upload/Presse/Deutschland/2020/12/ 80 KB
80 KB 22ms
22ms Image
image/png 212.23.151.164
TMR

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gdatasoftware.com/fileadmin/user_upload/Presse/Deutschland/2020/12/jphp_logfilelisting.png

Requested by

Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/blog/icerat-evades-antivirus-by-using-jphp

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

212.23.151.164 Bochum, Germany, ASN12329 (TMR, DE),

Reverse DNS

Software

nginx /

Resource Hash

e32c402523f056293bc4e5b7fd81f011db96bc85bcf0f437f18f46b29eee839a

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .gdata.de .gdata.ch .gdata.fr .gdata.at .gdata.nl .gdata.it .gdata.be .gdata.es .gdata.pt .gdatasoftware.co.uk .gdatasoftware.com .gdata-software.com .gdata-advancedanalytics.de .gdata-advancedanalytics.com .gdata.co.jp .gdata-china.com .gdata-hongkong.com .inventorofantivirus.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.gdatasoftware.com/blog/icerat-evades-antivirus-by-using-jphp
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 02 Dec 2020 00:15:21 GMT
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 81442
X-Xss-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Tue, 01 Dec 2020 10:28:21 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN
Etag: "5fc61ac5-13e22"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/png
Cache-Control: max-age=3628800
Content-Security-Policy: frame-ancestors 'self' *.gdata.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata-advancedanalytics.com *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com;
Accept-Ranges: bytes
Expires: Wed, 13 Jan 2021 00:15:21 GMT

GET
H/1.1 200
OK icerat_detectionrate_jphp.png
www.gdatasoftware.com/fileadmin/user_upload/Presse/Deutschland/2020/12/ 37 KB
38 KB 21ms
21ms Image
image/png 212.23.151.164
TMR

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gdatasoftware.com/fileadmin/user_upload/Presse/Deutschland/2020/12/icerat_detectionrate_jphp.png

Requested by

Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/blog/icerat-evades-antivirus-by-using-jphp

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

212.23.151.164 Bochum, Germany, ASN12329 (TMR, DE),

Reverse DNS

Software

nginx /

Resource Hash

b92f95e402230105395898393bc9809e8a29e47e6c33311b9f08309db16b9782

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .gdata.de .gdata.ch .gdata.fr .gdata.at .gdata.nl .gdata.it .gdata.be .gdata.es .gdata.pt .gdatasoftware.co.uk .gdatasoftware.com .gdata-software.com .gdata-advancedanalytics.de .gdata-advancedanalytics.com .gdata.co.jp .gdata-china.com .gdata-hongkong.com .inventorofantivirus.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.gdatasoftware.com/blog/icerat-evades-antivirus-by-using-jphp
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 02 Dec 2020 00:15:22 GMT
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 38035
X-Xss-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Tue, 01 Dec 2020 10:28:23 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN
Etag: "5fc61ac7-9493"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/png
Cache-Control: max-age=3628800
Content-Security-Policy: frame-ancestors 'self' *.gdata.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata-advancedanalytics.com *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com;
Accept-Ranges: bytes
Expires: Wed, 13 Jan 2021 00:15:22 GMT

GET
H/1.1 200
OK icerat_detectionrate_miner.png
www.gdatasoftware.com/fileadmin/user_upload/Presse/Deutschland/2020/12/ 114 KB
115 KB 21ms
21ms Image
image/png 212.23.151.164
TMR

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gdatasoftware.com/fileadmin/user_upload/Presse/Deutschland/2020/12/icerat_detectionrate_miner.png

Requested by

Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/blog/icerat-evades-antivirus-by-using-jphp

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

212.23.151.164 Bochum, Germany, ASN12329 (TMR, DE),

Reverse DNS

Software

nginx /

Resource Hash

22cf7b8174485174709f8e59a6147c3a6074ba9195dfc2761f8290888c36fc12

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .gdata.de .gdata.ch .gdata.fr .gdata.at .gdata.nl .gdata.it .gdata.be .gdata.es .gdata.pt .gdatasoftware.co.uk .gdatasoftware.com .gdata-software.com .gdata-advancedanalytics.de .gdata-advancedanalytics.com .gdata.co.jp .gdata-china.com .gdata-hongkong.com .inventorofantivirus.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.gdatasoftware.com/blog/icerat-evades-antivirus-by-using-jphp
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 02 Dec 2020 00:15:22 GMT
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 116501
X-Xss-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Tue, 01 Dec 2020 10:28:24 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN
Etag: "5fc61ac8-1c715"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/png
Cache-Control: max-age=3628800
Content-Security-Policy: frame-ancestors 'self' *.gdata.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata-advancedanalytics.com *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com;
Accept-Ranges: bytes
Expires: Wed, 13 Jan 2021 00:15:22 GMT

GET
H/1.1 200
OK manila_panel.png
www.gdatasoftware.com/fileadmin/user_upload/Presse/Deutschland/2020/12/ 1 MB
1 MB 28ms
27ms Image
image/png 212.23.151.164
TMR

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gdatasoftware.com/fileadmin/user_upload/Presse/Deutschland/2020/12/manila_panel.png

Requested by

Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/blog/icerat-evades-antivirus-by-using-jphp

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

212.23.151.164 Bochum, Germany, ASN12329 (TMR, DE),

Reverse DNS

Software

nginx /

Resource Hash

899efb1c89139ae5be37ef1d6350314adc57a83922167510949ccde8b5b1d023

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .gdata.de .gdata.ch .gdata.fr .gdata.at .gdata.nl .gdata.it .gdata.be .gdata.es .gdata.pt .gdatasoftware.co.uk .gdatasoftware.com .gdata-software.com .gdata-advancedanalytics.de .gdata-advancedanalytics.com .gdata.co.jp .gdata-china.com .gdata-hongkong.com .inventorofantivirus.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.gdatasoftware.com/blog/icerat-evades-antivirus-by-using-jphp
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 02 Dec 2020 00:15:22 GMT
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 1383002
X-Xss-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Tue, 01 Dec 2020 10:28:25 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN
Etag: "5fc61ac9-151a5a"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/png
Cache-Control: max-age=3628800
Content-Security-Policy: frame-ancestors 'self' *.gdata.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata-advancedanalytics.com *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com;
Accept-Ranges: bytes
Expires: Wed, 13 Jan 2021 00:15:22 GMT

GET
H/1.1 200
OK hahn_karsten_7c2341c8d2.jpg
www.gdatasoftware.com/fileadmin/_processed_/0/d/ 4 KB
5 KB 64ms
21ms Image
image/jpeg 212.23.151.164
TMR

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gdatasoftware.com/fileadmin/_processed_/0/d/hahn_karsten_7c2341c8d2.jpg

Requested by

Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/blog/icerat-evades-antivirus-by-using-jphp

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

212.23.151.164 Bochum, Germany, ASN12329 (TMR, DE),

Reverse DNS

Software

nginx /

Resource Hash

ed6adae660bb866303826f11fbd012548ad51f7373d4060ebb3d695b9e5df2db

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .gdata.de .gdata.ch .gdata.fr .gdata.at .gdata.nl .gdata.it .gdata.be .gdata.es .gdata.pt .gdatasoftware.co.uk .gdatasoftware.com .gdata-software.com .gdata-advancedanalytics.de .gdata-advancedanalytics.com .gdata.co.jp .gdata-china.com .gdata-hongkong.com .inventorofantivirus.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.gdatasoftware.com/blog/icerat-evades-antivirus-by-using-jphp
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 02 Dec 2020 00:15:21 GMT
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 3981
X-Xss-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Fri, 19 Jun 2020 09:30:32 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN
Etag: "5eec85b8-f8d"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/jpeg
Cache-Control: max-age=3628800
Content-Security-Policy: frame-ancestors 'self' *.gdata.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata-advancedanalytics.com *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com;
Accept-Ranges: bytes
Expires: Wed, 13 Jan 2021 00:15:21 GMT

GET
H/1.1 200
OK G_DATA_Blog_RebrandBabax_Preview_0176fdcc82.jpg
www.gdatasoftware.com/fileadmin/_processed_/8/c/ 11 KB
12 KB 25ms
24ms Image
image/jpeg 212.23.151.164
TMR

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gdatasoftware.com/fileadmin/_processed_/8/c/G_DATA_Blog_RebrandBabax_Preview_0176fdcc82.jpg

Requested by

Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/blog/icerat-evades-antivirus-by-using-jphp

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

212.23.151.164 Bochum, Germany, ASN12329 (TMR, DE),

Reverse DNS

Software

nginx /

Resource Hash

8bea06b302e676beeabc0623260ecce90d429a0c9a58455f16f229f64cbc0184

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .gdata.de .gdata.ch .gdata.fr .gdata.at .gdata.nl .gdata.it .gdata.be .gdata.es .gdata.pt .gdatasoftware.co.uk .gdatasoftware.com .gdata-software.com .gdata-advancedanalytics.de .gdata-advancedanalytics.com .gdata.co.jp .gdata-china.com .gdata-hongkong.com .inventorofantivirus.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.gdatasoftware.com/blog/icerat-evades-antivirus-by-using-jphp
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 02 Dec 2020 00:15:22 GMT
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 11546
X-Xss-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Tue, 01 Dec 2020 10:29:06 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN
Etag: "5fc61af2-2d1a"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/jpeg
Cache-Control: max-age=3628800
Content-Security-Policy: frame-ancestors 'self' *.gdata.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata-advancedanalytics.com *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com;
Accept-Ranges: bytes
Expires: Wed, 13 Jan 2021 00:15:22 GMT

GET
H/1.1 200
OK G_Data_Blog_TRat_Preview_ab303ac0ac.jpg
www.gdatasoftware.com/fileadmin/_processed_/f/f/ 5 KB
6 KB 21ms
21ms Image
image/jpeg 212.23.151.164
TMR

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gdatasoftware.com/fileadmin/_processed_/f/f/G_Data_Blog_TRat_Preview_ab303ac0ac.jpg

Requested by

Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/blog/icerat-evades-antivirus-by-using-jphp

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

212.23.151.164 Bochum, Germany, ASN12329 (TMR, DE),

Reverse DNS

Software

nginx /

Resource Hash

5e3abeaf54493265eb14d26a7bf34758a84dc02235c9409a3c9c8440df6a8d9c

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .gdata.de .gdata.ch .gdata.fr .gdata.at .gdata.nl .gdata.it .gdata.be .gdata.es .gdata.pt .gdatasoftware.co.uk .gdatasoftware.com .gdata-software.com .gdata-advancedanalytics.de .gdata-advancedanalytics.com .gdata.co.jp .gdata-china.com .gdata-hongkong.com .inventorofantivirus.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.gdatasoftware.com/blog/icerat-evades-antivirus-by-using-jphp
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 02 Dec 2020 00:15:22 GMT
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 5458
X-Xss-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Tue, 17 Nov 2020 11:30:25 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN
Etag: "5fb3b451-1552"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/jpeg
Cache-Control: max-age=3628800
Content-Security-Policy: frame-ancestors 'self' *.gdata.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata-advancedanalytics.com *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com;
Accept-Ranges: bytes
Expires: Wed, 13 Jan 2021 00:15:22 GMT

GET
H/1.1 200
OK G_DATA_Blog_Excel_Rat_Preview_38738d1d37.jpg
www.gdatasoftware.com/fileadmin/_processed_/3/d/ 5 KB
6 KB 21ms
21ms Image
image/jpeg 212.23.151.164
TMR

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gdatasoftware.com/fileadmin/_processed_/3/d/G_DATA_Blog_Excel_Rat_Preview_38738d1d37.jpg

Requested by

Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/blog/icerat-evades-antivirus-by-using-jphp

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

212.23.151.164 Bochum, Germany, ASN12329 (TMR, DE),

Reverse DNS

Software

nginx /

Resource Hash

b681e17accabcb8f0ca4b1c8e91c17c1e15ce661b7346d415d78dc9184cda201

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .gdata.de .gdata.ch .gdata.fr .gdata.at .gdata.nl .gdata.it .gdata.be .gdata.es .gdata.pt .gdatasoftware.co.uk .gdatasoftware.com .gdata-software.com .gdata-advancedanalytics.de .gdata-advancedanalytics.com .gdata.co.jp .gdata-china.com .gdata-hongkong.com .inventorofantivirus.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.gdatasoftware.com/blog/icerat-evades-antivirus-by-using-jphp
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 02 Dec 2020 00:15:22 GMT
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 4799
X-Xss-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Fri, 19 Jun 2020 09:31:06 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN
Etag: "5eec85da-12bf"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/jpeg
Cache-Control: max-age=3628800
Content-Security-Policy: frame-ancestors 'self' *.gdata.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata-advancedanalytics.com *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com;
Accept-Ranges: bytes
Expires: Wed, 13 Jan 2021 00:15:22 GMT

GET
H/1.1 200
OK PeKraut_3_Preview_7f51253302.jpg
www.gdatasoftware.com/fileadmin/_processed_/e/9/ 4 KB
5 KB 21ms
21ms Image
image/jpeg 212.23.151.164
TMR

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gdatasoftware.com/fileadmin/_processed_/e/9/PeKraut_3_Preview_7f51253302.jpg

Requested by

Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/blog/icerat-evades-antivirus-by-using-jphp

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

212.23.151.164 Bochum, Germany, ASN12329 (TMR, DE),

Reverse DNS

Software

nginx /

Resource Hash

4736cf6b0c0fed3e8956f632576af1d5e3e7feb448f4bea01af45aa9d15412cd

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .gdata.de .gdata.ch .gdata.fr .gdata.at .gdata.nl .gdata.it .gdata.be .gdata.es .gdata.pt .gdatasoftware.co.uk .gdatasoftware.com .gdata-software.com .gdata-advancedanalytics.de .gdata-advancedanalytics.com .gdata.co.jp .gdata-china.com .gdata-hongkong.com .inventorofantivirus.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.gdatasoftware.com/blog/icerat-evades-antivirus-by-using-jphp
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 02 Dec 2020 00:15:22 GMT
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 4248
X-Xss-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Fri, 19 Jun 2020 09:34:53 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN
Etag: "5eec86bd-1098"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/jpeg
Cache-Control: max-age=3628800
Content-Security-Policy: frame-ancestors 'self' *.gdata.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata-advancedanalytics.com *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com;
Accept-Ranges: bytes
Expires: Wed, 13 Jan 2021 00:15:22 GMT

GET
H/1.1 200
OK logo_claim_2016_white.png
www.gdatasoftware.com/typo3conf/ext/gd_sites/Resources/Public/Images/ 4 KB
5 KB 22ms
22ms Image
image/png 212.23.151.164
TMR

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gdatasoftware.com/typo3conf/ext/gd_sites/Resources/Public/Images/logo_claim_2016_white.png

Requested by

Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/blog/icerat-evades-antivirus-by-using-jphp

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

212.23.151.164 Bochum, Germany, ASN12329 (TMR, DE),

Reverse DNS

Software

nginx /

Resource Hash

7c657d342491cefb26c956267727635a22e3e85fb12dd8f525e811ec000e658f

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .gdata.de .gdata.ch .gdata.fr .gdata.at .gdata.nl .gdata.it .gdata.be .gdata.es .gdata.pt .gdatasoftware.co.uk .gdatasoftware.com .gdata-software.com .gdata-advancedanalytics.de .gdata-advancedanalytics.com .gdata.co.jp .gdata-china.com .gdata-hongkong.com .inventorofantivirus.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.gdatasoftware.com/blog/icerat-evades-antivirus-by-using-jphp
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 02 Dec 2020 00:15:22 GMT
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 3871
X-Xss-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Fri, 20 Nov 2020 12:50:18 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN
Etag: "5fb7bb8a-f1f"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/png
Cache-Control: max-age=3628800
Content-Security-Policy: frame-ancestors 'self' *.gdata.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata-advancedanalytics.com *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com;
Accept-Ranges: bytes
Expires: Wed, 13 Jan 2021 00:15:22 GMT

GET
H/1.1 200
OK vhs-assets-72fbd3c3fac64cddf69a69a19bc35c07.js Show response
www.gdatasoftware.com/typo3temp/assets/ 272 KB
83 KB 45ms
45ms Script
application/javascript 212.23.151.164
TMR

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gdatasoftware.com/typo3temp/assets/vhs-assets-72fbd3c3fac64cddf69a69a19bc35c07.js?1606579880

Requested by

Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/blog/icerat-evades-antivirus-by-using-jphp

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

212.23.151.164 Bochum, Germany, ASN12329 (TMR, DE),

Reverse DNS

Software

nginx /

Resource Hash

7741ca9af8584cba0f4dd25daa5d3509fc92ddfffa6fdc63cd6a7f578deff1a5

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .gdata.de .gdata.ch .gdata.fr .gdata.at .gdata.nl .gdata.it .gdata.be .gdata.es .gdata.pt .gdatasoftware.co.uk .gdatasoftware.com .gdata-software.com .gdata-advancedanalytics.de .gdata-advancedanalytics.com .gdata.co.jp .gdata-china.com .gdata-hongkong.com .inventorofantivirus.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.gdatasoftware.com/blog/icerat-evades-antivirus-by-using-jphp
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 02 Dec 2020 00:15:21 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Transfer-Encoding: chunked
Connection: keep-alive
X-Xss-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Tue, 01 Dec 2020 18:23:56 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN
Etag: W/"5fc68a3c-441ad"
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: application/javascript
Cache-Control: max-age=43200
Content-Security-Policy: frame-ancestors 'self' *.gdata.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata-advancedanalytics.com *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com;
Expires: Wed, 02 Dec 2020 12:15:21 GMT

GET
H/1.1 200
OK G_DATA_Blog_IceRAT_Header.jpg
www.gdatasoftware.com/fileadmin/web/general/images/blog/2020/11_2020/ 94 KB
94 KB 50ms
26ms Image
image/jpeg 212.23.151.164
TMR

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gdatasoftware.com/fileadmin/web/general/images/blog/2020/11_2020/G_DATA_Blog_IceRAT_Header.jpg

Requested by

Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/blog/icerat-evades-antivirus-by-using-jphp

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

212.23.151.164 Bochum, Germany, ASN12329 (TMR, DE),

Reverse DNS

Software

nginx /

Resource Hash

1beb08d0afd4a8f84d9c11b25a2e467af2e2dfa3b4b2495d38da231a2c519ffb

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .gdata.de .gdata.ch .gdata.fr .gdata.at .gdata.nl .gdata.it .gdata.be .gdata.es .gdata.pt .gdatasoftware.co.uk .gdatasoftware.com .gdata-software.com .gdata-advancedanalytics.de .gdata-advancedanalytics.com .gdata.co.jp .gdata-china.com .gdata-hongkong.com .inventorofantivirus.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.gdatasoftware.com/blog/icerat-evades-antivirus-by-using-jphp
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 02 Dec 2020 00:15:21 GMT
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 95864
X-Xss-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Tue, 01 Dec 2020 10:28:13 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN
Etag: "5fc61abd-17678"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/jpeg
Cache-Control: max-age=3628800
Content-Security-Policy: frame-ancestors 'self' *.gdata.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata-advancedanalytics.com *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com;
Accept-Ranges: bytes
Expires: Wed, 13 Jan 2021 00:15:21 GMT

GET
H/1.1 200
OK source-sans-pro-v13-latin-ext_latin-regular.woff2
file.gdatasoftware.com/s/font/source-sans-pro/ 25 KB
25 KB 83ms
15ms Font
application/octet-stream 85.25.214.59
GD-EMEA-DC-SXB1

General

Check archive.org

Show headers Download Go to

Full URL: https://file.gdatasoftware.com/s/font/source-sans-pro/source-sans-pro-v13-latin-ext_latin-regular.woff2
Requested by: Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/typo3temp/assets/vhs-assets-5b9de08ed4381d6d419362e5ce725858.css?1606507686
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 85.25.214.59 , Germany, ASN8972 (GD-EMEA-DC-SXB1, DE),
Reverse DNS: malta1055.startdedicated.com
Software: nginx /
Resource Hash: 72e086ecb5eed26e489b633ce3a7a85522747d8583852bf8756e290fec0f3d3b

Request headers

Origin: https://www.gdatasoftware.com
Referer: https://www.gdatasoftware.com/typo3temp/assets/vhs-assets-5b9de08ed4381d6d419362e5ce725858.css?1606507686
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 02 Dec 2020 00:15:21 GMT
Last-Modified: Fri, 02 Aug 2019 05:16:52 GMT
Server: nginx
Content-Type: application/octet-stream
Access-Control-Allow-Origin: *
Cache-Control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 25656
Expires: Wed, 09 Dec 2020 00:15:21 GMT

GET
H/1.1 200
OK gcon1-989.ttf
www.gdatasoftware.com/typo3conf/ext/gd_sites/Resources/Public/Styles/font/ 115 KB
115 KB 75ms
55ms Font
application/octet-stream 212.23.151.164
TMR

General

Check archive.org

Show headers Download Go to

Full URL: https://www.gdatasoftware.com/typo3conf/ext/gd_sites/Resources/Public/Styles/font/gcon1-989.ttf?waerhgm
Requested by: Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/typo3temp/assets/vhs-assets-5b9de08ed4381d6d419362e5ce725858.css?1606507686
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 212.23.151.164 Bochum, Germany, ASN12329 (TMR, DE),
Reverse DNS
Software: nginx /
Resource Hash: dbc0a7e5c3d9d56b4ec39ca42d03e107f6b8529d6608a1e257112729fb18b75a

Request headers

Origin: https://www.gdatasoftware.com
Referer: https://www.gdatasoftware.com/typo3temp/assets/vhs-assets-5b9de08ed4381d6d419362e5ce725858.css?1606507686
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 02 Dec 2020 00:15:21 GMT
Last-Modified: Fri, 20 Nov 2020 12:50:18 GMT
Server: nginx
Etag: "5fb7bb8a-1cbec"
Content-Type: application/octet-stream
Access-Control-Allow-Origin: https://www.gdatasoftware.com
Cache-Control: max-age=31536000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 117740
Expires: Thu, 02 Dec 2021 00:15:21 GMT

GET
H/1.1 200
OK source-sans-pro-v13-latin-ext_latin-300.woff2
file.gdatasoftware.com/s/font/source-sans-pro/ 25 KB
25 KB 86ms
15ms Font
application/octet-stream 85.25.214.59
GD-EMEA-DC-SXB1

General

Check archive.org

Show headers Download Go to

Full URL: https://file.gdatasoftware.com/s/font/source-sans-pro/source-sans-pro-v13-latin-ext_latin-300.woff2
Requested by: Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/typo3temp/assets/vhs-assets-5b9de08ed4381d6d419362e5ce725858.css?1606507686
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 85.25.214.59 , Germany, ASN8972 (GD-EMEA-DC-SXB1, DE),
Reverse DNS: malta1055.startdedicated.com
Software: nginx /
Resource Hash: 9d20a8fc1de189bad815a78bd3a36550412788bc1d8e6f2d7eba6bb18bc901a2

Request headers

Origin: https://www.gdatasoftware.com
Referer: https://www.gdatasoftware.com/typo3temp/assets/vhs-assets-5b9de08ed4381d6d419362e5ce725858.css?1606507686
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 02 Dec 2020 00:15:21 GMT
Last-Modified: Fri, 02 Aug 2019 05:16:52 GMT
Server: nginx
Content-Type: application/octet-stream
Access-Control-Allow-Origin: *
Cache-Control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 25716
Expires: Wed, 09 Dec 2020 00:15:21 GMT

GET
H/1.1 200
OK source-sans-pro-v13-latin-ext_latin-600.woff2
file.gdatasoftware.com/s/font/source-sans-pro/ 25 KB
25 KB 93ms
14ms Font
application/octet-stream 85.25.214.59
GD-EMEA-DC-SXB1

General

Check archive.org

Show headers Download Go to

Full URL: https://file.gdatasoftware.com/s/font/source-sans-pro/source-sans-pro-v13-latin-ext_latin-600.woff2
Requested by: Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/typo3temp/assets/vhs-assets-5b9de08ed4381d6d419362e5ce725858.css?1606507686
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 85.25.214.59 , Germany, ASN8972 (GD-EMEA-DC-SXB1, DE),
Reverse DNS: malta1055.startdedicated.com
Software: nginx /
Resource Hash: 5b7ade4116e14b315421eb6e4eeabbf1a1c7301a575ee1311fb1659eaaecd6f4

Request headers

Origin: https://www.gdatasoftware.com
Referer: https://www.gdatasoftware.com/typo3temp/assets/vhs-assets-5b9de08ed4381d6d419362e5ce725858.css?1606507686
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 02 Dec 2020 00:15:21 GMT
Last-Modified: Fri, 02 Aug 2019 05:16:52 GMT
Server: nginx
Content-Type: application/octet-stream
Access-Control-Allow-Origin: *
Cache-Control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 25520
Expires: Wed, 09 Dec 2020 00:15:21 GMT

Verdicts & Comments Add Verdict or Comment

34 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	frame-ancestors 'self' .gdata.de .gdata.ch .gdata.fr .gdata.at .gdata.nl .gdata.it .gdata.be .gdata.es .gdata.pt .gdatasoftware.co.uk .gdatasoftware.com .gdata-software.com .gdata-advancedanalytics.de .gdata-advancedanalytics.com .gdata.co.jp .gdata-china.com .gdata-hongkong.com .inventorofantivirus.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

file.gdatasoftware.com
www.gdatasoftware.com
212.23.151.164
85.25.214.59
066ab94abfe8828d542207561698426e7e8879d3d6c8fde21c4053abf1d98997
07690743c425771982a0ba5fdc3a98c7f57e30f0d10e91632630363a33a7873a
12357f80839b4375f6baccfa042cc2b71695547f08ebc84e77b26743e2c1fc24
19d66a51d12c87c2c254f61d3dc66f4765bc852b03138e4b38ed5fbc3dd01d19
1beb08d0afd4a8f84d9c11b25a2e467af2e2dfa3b4b2495d38da231a2c519ffb
211965735fd707f91c38ac8508801e7fd74a7b54662282fdf6b76aedcebeed40
22cf7b8174485174709f8e59a6147c3a6074ba9195dfc2761f8290888c36fc12
273f606321a3f43af17183081ea17959f5e90505850aad7d443281dd09f73c7c
2bc1ef33c6f4611f6d5f8964640ffc5e1ff07fed3347e6ca703d95e0f4ba2b49
2de12b2016e643a165c3ad496b9c726925951bd34642863e868f86fd92304c46
4736cf6b0c0fed3e8956f632576af1d5e3e7feb448f4bea01af45aa9d15412cd
539c9446dcfe7fa9ae3d2a25f69479d9f4737b8d4c0938b2fc51984b903532e9
5b7ade4116e14b315421eb6e4eeabbf1a1c7301a575ee1311fb1659eaaecd6f4
5e3abeaf54493265eb14d26a7bf34758a84dc02235c9409a3c9c8440df6a8d9c
72e086ecb5eed26e489b633ce3a7a85522747d8583852bf8756e290fec0f3d3b
7741ca9af8584cba0f4dd25daa5d3509fc92ddfffa6fdc63cd6a7f578deff1a5
7c657d342491cefb26c956267727635a22e3e85fb12dd8f525e811ec000e658f
899efb1c89139ae5be37ef1d6350314adc57a83922167510949ccde8b5b1d023
8b038804a8ec09033229a78d0ef08c05b1e45ac636f841768e48c90b643fbd27
8bea06b302e676beeabc0623260ecce90d429a0c9a58455f16f229f64cbc0184
9d20a8fc1de189bad815a78bd3a36550412788bc1d8e6f2d7eba6bb18bc901a2
b681e17accabcb8f0ca4b1c8e91c17c1e15ce661b7346d415d78dc9184cda201
b92f95e402230105395898393bc9809e8a29e47e6c33311b9f08309db16b9782
bb51833f1159ff13e97f7f613b9fc9f31b1d724e442fd613bee830e45488c582
d8943a697b9c2a188d99c20145b16849ec3e2feac56c4771980cc92bcca72d85
dbc0a7e5c3d9d56b4ec39ca42d03e107f6b8529d6608a1e257112729fb18b75a
dfa5775e3c5f5ea99ab89d46d2324984e34c4833706e2e8ad18702db9b99b140
e32c402523f056293bc4e5b7fd81f011db96bc85bcf0f437f18f46b29eee839a
ed6adae660bb866303826f11fbd012548ad51f7373d4060ebb3d695b9e5df2db

www.gdatasoftware.com Open in urlscan Pro 212.23.151.164 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

29 Requests

100 %HTTPS

0 %IPv6

1 Domains

2 Subdomains

2 IPs

1 Countries

2814 kBTransfer

3229 kBSize

0 Cookies

12 Outgoing links

Redirected requests

29 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

34 JavaScript Global Variables

www.gdatasoftware.com Open in urlscan Pro
212.23.151.164 Public Scan

Screenshot
Live screenshot

Full Image

29
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

2
Subdomains

2
IPs

1
Countries

2814 kB
Transfer

3229 kB
Size

0
Cookies

29 HTTP transactions
0 data transactions