www.gdatasoftware.com Open in urlscan Pro
212.23.151.164 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.gdatasoftware.com/blog/2024/10/38043-asyncrat-bitbucket
Submission: On October 24 via api (October 24th 2024, 10:41:12 am UTC) from IN — Scanned from DE

Summary HTTP 41 Redirects Links 15 Behaviour Indicators

Summary

This website contacted 4 IPs in 1 countries across 2 domains to perform 41 HTTP transactions. The main IP is 212.23.151.164, located in Bochum, Germany and belongs to TMR, DE. The main domain is www.gdatasoftware.com.
TLS certificate: Issued by Sectigo RSA Organization Validation S... on August 9th 2024. Valid for: a year.

This is the only time www.gdatasoftware.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
30	212.23.151.164 212.23.151.164	12329 (TMR) (TMR)
7	2a02:6ea0:c70... 2a02:6ea0:c700::19	60068 (CDN77 _) (CDN77 _)
4	87.230.98.78 87.230.98.78	61157 (PLUSSERVE...) (PLUSSERVER-ASN1)
41	4

30 212.23.151.164 (Bochum, Germany)

ASN12329 (TMR, DE)

www.gdatasoftware.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a02:6ea0:c700::19 (Frankfurt am Main, Germany)

ASN60068 (CDN77 _, GB)

cdn.consentmanager.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 87.230.98.78 (Germany)

ASN61157 (PLUSSERVER-ASN1, DE)
PTR: ds87-230-98-78.dedicated.psmanaged.com

b.delivery.consentmanager.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
30	gdatasoftware.com www.gdatasoftware.com	1 MB
11	consentmanager.net cdn.consentmanager.net — Cisco Umbrella Rank: 16023 b.delivery.consentmanager.net — Cisco Umbrella Rank: 27684	167 KB
41	2

	Domain	Requested by
30	www.gdatasoftware.com	www.gdatasoftware.com
7	cdn.consentmanager.net	www.gdatasoftware.com cdn.consentmanager.net b.delivery.consentmanager.net
4	b.delivery.consentmanager.net	cdn.consentmanager.net b.delivery.consentmanager.net www.gdatasoftware.com
41	3

This site contains links to these domains. Also see Links.

Domain
www.gdata.de
feeds.feedblitz.com
blog.checkpoint.com
blog.qualys.com
twitter.com
www.xing.com
www.linkedin.com
www.facebook.com
reddit.com
de.linkedin.com
www.threads.net
www.instagram.com
www.youtube.com

Subject Issuer	Validity	Valid
*.gdatasoftware.com Sectigo RSA Organization Validation Secure Server CA	`2024-08-09` - `2025-09-09`	a year	crt.sh
1376624012.rsc.cdn77.org E5	`2024-09-05` - `2024-12-04`	3 months	crt.sh
b.delivery.consentmanager.net R11	`2024-09-10` - `2024-12-09`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://www.gdatasoftware.com/blog/2024/10/38043-asyncrat-bitbucket
Frame ID: E90D40B7D95E18944874EE02DE6ACFB0
Requests: 42 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Malware by the (Bit)Bucket: Uncovering AsyncRAT

Detected technologies

TYPO3 CMS (CMS) Expand

Overall confidence: 100%
Detected patterns

<link[^>]+ href="/?typo3(?:conf|temp)/

Page Statistics

41
Requests

100 %
HTTPS

33 %
IPv6

2
Domains

3
Subdomains

4
IPs

1
Countries

1668 kB
Transfer

2558 kB
Size

2
Cookies

15 Outgoing links

These are links going to different origins than the main page.

URL: https://www.gdata.de/blog

Search URL Search Domain Scan URL

URL: https://feeds.feedblitz.com/GDataSecurityBlog-EN&x=1

Search URL Search Domain Scan URL

URL: https://blog.checkpoint.com/research/november-2023s-most-wanted-malware-new-asyncrat-campaign-discovered-while-fakeupdates-re-entered-the-top-ten-after-brief-hiatus/
Title: https://blog.checkpoint.com/research/november-2023s-most-wanted-malware-new-asyncrat-campaign-discovered-while-fakeupdates-re-entered-the-top-ten-after-brief-hiatus/

Search URL Search Domain Scan URL

URL: https://blog.qualys.com/vulnerabilities-threat-research/2022/08/16/asyncrat-c2-framework-overview-technical-analysis-and-detection
Title: https://blog.qualys.com/vulnerabilities-threat-research/2022/08/16/asyncrat-c2-framework-overview-technical-analysis-and-detection

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?text=Malware%20by%20the%20(Bit)Bucket%3A%20Uncovering%20AsyncRAT&url=https%3A%2F%2Fwww.gdatasoftware.com%2Fblog%2F2024%2F10%2F38043-asyncrat-bitbucket&via=GDATA

Search URL Search Domain Scan URL

URL: https://www.xing.com/spi/shares/new?url=https%3A%2F%2Fwww.gdatasoftware.com%2Fblog%2F2024%2F10%2F38043-asyncrat-bitbucket

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/shareArticle?mini=true&summary=Criminals%20have%20been%20abusing%20Bitbucket%20for%20hosting%20malware%20for%20a%20while.%20In%20a%20recent%20case%2C%20we%20found%20a%20Remote%20Access%20Trojan%20(RAT).%20Here%20are%20the%20details!&title=Malware%20by%20the%20(Bit)Bucket%3A%20Uncovering%20AsyncRAT&url=https%3A%2F%2Fwww.gdatasoftware.com%2Fblog%2F2024%2F10%2F38043-asyncrat-bitbucket

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww.gdatasoftware.com%2Fblog%2F2024%2F10%2F38043-asyncrat-bitbucket

Search URL Search Domain Scan URL

URL: https://reddit.com/submit?url=https%3A%2F%2Fwww.gdatasoftware.com%2Fblog%2F2024%2F10%2F38043-asyncrat-bitbucket&title=Malware%20by%20the%20(Bit)Bucket%3A%20Uncovering%20AsyncRAT

Search URL Search Domain Scan URL

URL: https://de.linkedin.com/company/g-data-cyberdefense

Search URL Search Domain Scan URL

URL: https://www.facebook.com/gdatasoftwareag

Search URL Search Domain Scan URL

URL: https://www.threads.net/@gdatacyberdefense

Search URL Search Domain Scan URL

URL: https://www.instagram.com/gdatacyberdefense

Search URL Search Domain Scan URL

URL: https://www.youtube.com/user/GDataSoftwareAG

Search URL Search Domain Scan URL

URL: https://www.gdata.de/help/en/business/HowToArtikel/Virenanalyse/DateiURLAppEinsenden/
Title: Submit a suspicious file, app or URL

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

41 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request 38043-asyncrat-bitbucket Show response
www.gdatasoftware.com/blog/2024/10/ 44 KB
12 KB 83ms
22ms Document
text/html 212.23.151.164
TMR

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gdatasoftware.com/blog/2024/10/38043-asyncrat-bitbucket

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

212.23.151.164 Bochum, Germany, ASN12329 (TMR, DE),

Reverse DNS

Software

nginx /

Resource Hash

8d7529a1f758ae2646b1aca6ebe311413b46ad136268bc8ff2eab695622b1e83

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .gdata.de .gdata.ch .gdata.fr .gdata.at .gdata.nl .gdata.it .gdata.be .gdata.es .gdata.pt .gdatasoftware.co.uk .gdatasoftware.com .gdata-software.com .gdata-advancedanalytics.de .gdata-advancedanalytics.com .gdata.co.jp .gdata-china.com .gdata-hongkong.com .inventorofantivirus.com pretix.eu; frame-src 'self' gdata.jobbase.io player.captivate.fm gdata.onlyfy.jobs .gdata.de .consentmanager.net www.paypal.com .criteo.com .criteo.net .onfastspring.com .saferpay.com www.youtube-nocookie.com www.google.com www.google.de .gdata.ch .gdata.fr .gdata.at .gdata.nl .gdata.it .gdata.be .gdata.es .gdata.pt .gdatasoftware.co.uk .gdatasoftware.com .gdata-software.com .gdata-advancedanalytics.de .gdata.co.jp .gdata-china.com .gdata-hongkong.com .inventorofantivirus.com www.awin1.com .doubleclick.net bid.g.doubleclick.net tpc.googlesyndication.com .googletagmanager.com fbanalytics.org m.youtube.com player.vimeo.com gdata.jobbase.io gdata-a.akamaihd.net pretix.eu; report-uri https://www.gdatasoftware.com/__cspreporting__
Strict-Transport-Security	max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

cache-control: max-age=42628
content-encoding: gzip
content-language: en
content-security-policy: frame-ancestors 'self' *.gdata.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata-advancedanalytics.com *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com pretix.eu; frame-src 'self' gdata.jobbase.io player.captivate.fm gdata.onlyfy.jobs *.gdata.de *.consentmanager.net www.paypal.com *.criteo.com *.criteo.net *.onfastspring.com *.saferpay.com www.youtube-nocookie.com www.google.com www.google.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com www.awin1.com *.doubleclick.net bid.g.doubleclick.net tpc.googlesyndication.com *.googletagmanager.com fbanalytics.org m.youtube.com player.vimeo.com gdata.jobbase.io gdata-a.akamaihd.net pretix.eu; report-uri https://www.gdatasoftware.com/__cspreporting__
content-type: text/html; charset=utf-8
date: Thu, 24 Oct 2024 10:41:06 GMT
etag: W/"8edc066ea5fe5fc784710e575da8c7b2"
expires: Thu, 24 Oct 2024 22:00:00 GMT
gd_country_code: GB
pragma: public
referrer-policy: no-referrer-when-downgrade
server: nginx
strict-transport-security: max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0

GET
H2 200 basic-styles.css
www.gdatasoftware.com/typo3conf/ext/gd_sites/Resources/Public/Styles/ 136 KB
27 KB 46ms
44ms Stylesheet
text/css 212.23.151.164
TMR

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gdatasoftware.com/typo3conf/ext/gd_sites/Resources/Public/Styles/basic-styles.css?1729663114

Requested by

Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/blog/2024/10/38043-asyncrat-bitbucket

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

212.23.151.164 Bochum, Germany, ASN12329 (TMR, DE),

Reverse DNS

Software

nginx /

Resource Hash

016d9a327e05fe4130b6c813d33ad2b5a8f1b55af3ba6bd98a5bfab46341b9e6

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .gdata.de .gdata.ch .gdata.fr .gdata.at .gdata.nl .gdata.it .gdata.be .gdata.es .gdata.pt .gdatasoftware.co.uk .gdatasoftware.com .gdata-software.com .gdata-advancedanalytics.de .gdata-advancedanalytics.com .gdata.co.jp .gdata-china.com .gdata-hongkong.com .inventorofantivirus.com pretix.eu; frame-src 'self' gdata.jobbase.io player.captivate.fm gdata.onlyfy.jobs .gdata.de .consentmanager.net www.paypal.com .criteo.com .criteo.net .onfastspring.com .saferpay.com www.youtube-nocookie.com www.google.com www.google.de .gdata.ch .gdata.fr .gdata.at .gdata.nl .gdata.it .gdata.be .gdata.es .gdata.pt .gdatasoftware.co.uk .gdatasoftware.com .gdata-software.com .gdata-advancedanalytics.de .gdata.co.jp .gdata-china.com .gdata-hongkong.com .inventorofantivirus.com www.awin1.com .doubleclick.net bid.g.doubleclick.net tpc.googlesyndication.com .googletagmanager.com fbanalytics.org m.youtube.com player.vimeo.com gdata.jobbase.io gdata-a.akamaihd.net pretix.eu; report-uri https://www.gdatasoftware.com/__cspreporting__
Strict-Transport-Security	max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.gdatasoftware.com/blog/2024/10/38043-asyncrat-bitbucket

Response headers

strict-transport-security: max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self' *.gdata.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata-advancedanalytics.com *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com pretix.eu; frame-src 'self' gdata.jobbase.io player.captivate.fm gdata.onlyfy.jobs *.gdata.de *.consentmanager.net www.paypal.com *.criteo.com *.criteo.net *.onfastspring.com *.saferpay.com www.youtube-nocookie.com www.google.com www.google.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com www.awin1.com *.doubleclick.net bid.g.doubleclick.net tpc.googlesyndication.com *.googletagmanager.com fbanalytics.org m.youtube.com player.vimeo.com gdata.jobbase.io gdata-a.akamaihd.net pretix.eu; report-uri https://www.gdatasoftware.com/__cspreporting__
cache-control: max-age=43200
content-encoding: gzip
etag: W/"6718908a-22028"
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
expires: Thu, 24 Oct 2024 22:41:06 GMT
date: Thu, 24 Oct 2024 10:41:06 GMT
x-xss-protection: 0
content-type: text/css
vary: Accept-Encoding
server: nginx
last-modified: Wed, 23 Oct 2024 05:58:34 GMT
x-frame-options: SAMEORIGIN

GET
H2 200 gcon.css
www.gdatasoftware.com/typo3conf/ext/gd_sites/Resources/Public/Styles/font/ 14 KB
4 KB 62ms
60ms Stylesheet
text/css 212.23.151.164
TMR

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gdatasoftware.com/typo3conf/ext/gd_sites/Resources/Public/Styles/font/gcon.css?1729663114

Requested by

Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/blog/2024/10/38043-asyncrat-bitbucket

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

212.23.151.164 Bochum, Germany, ASN12329 (TMR, DE),

Reverse DNS

Software

nginx /

Resource Hash

de29fa42fdcdbc32e060d8e033322b3d0151f70e82dd08e8c9c9996e6c343dcb

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .gdata.de .gdata.ch .gdata.fr .gdata.at .gdata.nl .gdata.it .gdata.be .gdata.es .gdata.pt .gdatasoftware.co.uk .gdatasoftware.com .gdata-software.com .gdata-advancedanalytics.de .gdata-advancedanalytics.com .gdata.co.jp .gdata-china.com .gdata-hongkong.com .inventorofantivirus.com pretix.eu; frame-src 'self' gdata.jobbase.io player.captivate.fm gdata.onlyfy.jobs .gdata.de .consentmanager.net www.paypal.com .criteo.com .criteo.net .onfastspring.com .saferpay.com www.youtube-nocookie.com www.google.com www.google.de .gdata.ch .gdata.fr .gdata.at .gdata.nl .gdata.it .gdata.be .gdata.es .gdata.pt .gdatasoftware.co.uk .gdatasoftware.com .gdata-software.com .gdata-advancedanalytics.de .gdata.co.jp .gdata-china.com .gdata-hongkong.com .inventorofantivirus.com www.awin1.com .doubleclick.net bid.g.doubleclick.net tpc.googlesyndication.com .googletagmanager.com fbanalytics.org m.youtube.com player.vimeo.com gdata.jobbase.io gdata-a.akamaihd.net pretix.eu; report-uri https://www.gdatasoftware.com/__cspreporting__
Strict-Transport-Security	max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.gdatasoftware.com/blog/2024/10/38043-asyncrat-bitbucket

Response headers

strict-transport-security: max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self' *.gdata.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata-advancedanalytics.com *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com pretix.eu; frame-src 'self' gdata.jobbase.io player.captivate.fm gdata.onlyfy.jobs *.gdata.de *.consentmanager.net www.paypal.com *.criteo.com *.criteo.net *.onfastspring.com *.saferpay.com www.youtube-nocookie.com www.google.com www.google.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com www.awin1.com *.doubleclick.net bid.g.doubleclick.net tpc.googlesyndication.com *.googletagmanager.com fbanalytics.org m.youtube.com player.vimeo.com gdata.jobbase.io gdata-a.akamaihd.net pretix.eu; report-uri https://www.gdatasoftware.com/__cspreporting__
cache-control: max-age=43200
content-encoding: gzip
etag: W/"6718908a-3806"
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
expires: Thu, 24 Oct 2024 22:41:07 GMT
date: Thu, 24 Oct 2024 10:41:07 GMT
x-xss-protection: 0
content-type: text/css
vary: Accept-Encoding
server: nginx
last-modified: Wed, 23 Oct 2024 05:58:34 GMT
x-frame-options: SAMEORIGIN

GET
H2 200 source-sans-pro.css
www.gdatasoftware.com/typo3conf/ext/gd_sites/Resources/Public/Styles/font/ 1 KB
1 KB 63ms
61ms Stylesheet
text/css 212.23.151.164
TMR

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gdatasoftware.com/typo3conf/ext/gd_sites/Resources/Public/Styles/font/source-sans-pro.css?1729663114

Requested by

Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/blog/2024/10/38043-asyncrat-bitbucket

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

212.23.151.164 Bochum, Germany, ASN12329 (TMR, DE),

Reverse DNS

Software

nginx /

Resource Hash

12bbeb4a5c75cfa4f290f8da4a9282a835f6704b94917c5bc05d4430aa9b31dd

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .gdata.de .gdata.ch .gdata.fr .gdata.at .gdata.nl .gdata.it .gdata.be .gdata.es .gdata.pt .gdatasoftware.co.uk .gdatasoftware.com .gdata-software.com .gdata-advancedanalytics.de .gdata-advancedanalytics.com .gdata.co.jp .gdata-china.com .gdata-hongkong.com .inventorofantivirus.com pretix.eu; frame-src 'self' gdata.jobbase.io player.captivate.fm gdata.onlyfy.jobs .gdata.de .consentmanager.net www.paypal.com .criteo.com .criteo.net .onfastspring.com .saferpay.com www.youtube-nocookie.com www.google.com www.google.de .gdata.ch .gdata.fr .gdata.at .gdata.nl .gdata.it .gdata.be .gdata.es .gdata.pt .gdatasoftware.co.uk .gdatasoftware.com .gdata-software.com .gdata-advancedanalytics.de .gdata.co.jp .gdata-china.com .gdata-hongkong.com .inventorofantivirus.com www.awin1.com .doubleclick.net bid.g.doubleclick.net tpc.googlesyndication.com .googletagmanager.com fbanalytics.org m.youtube.com player.vimeo.com gdata.jobbase.io gdata-a.akamaihd.net pretix.eu; report-uri https://www.gdatasoftware.com/__cspreporting__
Strict-Transport-Security	max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.gdatasoftware.com/blog/2024/10/38043-asyncrat-bitbucket

Response headers

strict-transport-security: max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self' *.gdata.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata-advancedanalytics.com *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com pretix.eu; frame-src 'self' gdata.jobbase.io player.captivate.fm gdata.onlyfy.jobs *.gdata.de *.consentmanager.net www.paypal.com *.criteo.com *.criteo.net *.onfastspring.com *.saferpay.com www.youtube-nocookie.com www.google.com www.google.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com www.awin1.com *.doubleclick.net bid.g.doubleclick.net tpc.googlesyndication.com *.googletagmanager.com fbanalytics.org m.youtube.com player.vimeo.com gdata.jobbase.io gdata-a.akamaihd.net pretix.eu; report-uri https://www.gdatasoftware.com/__cspreporting__
cache-control: max-age=43200
content-encoding: gzip
etag: W/"6718908a-51f"
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
expires: Thu, 24 Oct 2024 22:41:07 GMT
date: Thu, 24 Oct 2024 10:41:07 GMT
x-xss-protection: 0
content-type: text/css
vary: Accept-Encoding
server: nginx
last-modified: Wed, 23 Oct 2024 05:58:34 GMT
x-frame-options: SAMEORIGIN

GET
H2 200 prism.css
www.gdatasoftware.com/typo3conf/ext/gd_sites/Resources/Public/Styles/assets/ 4 KB
2 KB 63ms
62ms Stylesheet
text/css 212.23.151.164
TMR

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gdatasoftware.com/typo3conf/ext/gd_sites/Resources/Public/Styles/assets/prism.css?1729663114

Requested by

Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/blog/2024/10/38043-asyncrat-bitbucket

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

212.23.151.164 Bochum, Germany, ASN12329 (TMR, DE),

Reverse DNS

Software

nginx /

Resource Hash

77f9291def17b8ae239f0f5181ad69a3923dbcc7835ba7aaa4cb1d1cb2142211

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .gdata.de .gdata.ch .gdata.fr .gdata.at .gdata.nl .gdata.it .gdata.be .gdata.es .gdata.pt .gdatasoftware.co.uk .gdatasoftware.com .gdata-software.com .gdata-advancedanalytics.de .gdata-advancedanalytics.com .gdata.co.jp .gdata-china.com .gdata-hongkong.com .inventorofantivirus.com pretix.eu; frame-src 'self' gdata.jobbase.io player.captivate.fm gdata.onlyfy.jobs .gdata.de .consentmanager.net www.paypal.com .criteo.com .criteo.net .onfastspring.com .saferpay.com www.youtube-nocookie.com www.google.com www.google.de .gdata.ch .gdata.fr .gdata.at .gdata.nl .gdata.it .gdata.be .gdata.es .gdata.pt .gdatasoftware.co.uk .gdatasoftware.com .gdata-software.com .gdata-advancedanalytics.de .gdata.co.jp .gdata-china.com .gdata-hongkong.com .inventorofantivirus.com www.awin1.com .doubleclick.net bid.g.doubleclick.net tpc.googlesyndication.com .googletagmanager.com fbanalytics.org m.youtube.com player.vimeo.com gdata.jobbase.io gdata-a.akamaihd.net pretix.eu; report-uri https://www.gdatasoftware.com/__cspreporting__
Strict-Transport-Security	max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.gdatasoftware.com/blog/2024/10/38043-asyncrat-bitbucket

Response headers

strict-transport-security: max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self' *.gdata.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata-advancedanalytics.com *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com pretix.eu; frame-src 'self' gdata.jobbase.io player.captivate.fm gdata.onlyfy.jobs *.gdata.de *.consentmanager.net www.paypal.com *.criteo.com *.criteo.net *.onfastspring.com *.saferpay.com www.youtube-nocookie.com www.google.com www.google.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com www.awin1.com *.doubleclick.net bid.g.doubleclick.net tpc.googlesyndication.com *.googletagmanager.com fbanalytics.org m.youtube.com player.vimeo.com gdata.jobbase.io gdata-a.akamaihd.net pretix.eu; report-uri https://www.gdatasoftware.com/__cspreporting__
cache-control: max-age=43200
content-encoding: gzip
etag: W/"6718908a-f70"
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
expires: Thu, 24 Oct 2024 22:41:07 GMT
date: Thu, 24 Oct 2024 10:41:07 GMT
x-xss-protection: 0
content-type: text/css
vary: Accept-Encoding
server: nginx
last-modified: Wed, 23 Oct 2024 05:58:34 GMT
x-frame-options: SAMEORIGIN

GET
H2 200 menu-2019.css
www.gdatasoftware.com/typo3conf/ext/gd_sites/Resources/Public/Styles/elements/ 19 KB
5 KB 67ms
66ms Stylesheet
text/css 212.23.151.164
TMR

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gdatasoftware.com/typo3conf/ext/gd_sites/Resources/Public/Styles/elements/menu-2019.css?1729663114

Requested by

Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/blog/2024/10/38043-asyncrat-bitbucket

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

212.23.151.164 Bochum, Germany, ASN12329 (TMR, DE),

Reverse DNS

Software

nginx /

Resource Hash

3e17d9ffedd7459d58e6c669de912c510574ec762c6c64fa599ed7e660cad7ba

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .gdata.de .gdata.ch .gdata.fr .gdata.at .gdata.nl .gdata.it .gdata.be .gdata.es .gdata.pt .gdatasoftware.co.uk .gdatasoftware.com .gdata-software.com .gdata-advancedanalytics.de .gdata-advancedanalytics.com .gdata.co.jp .gdata-china.com .gdata-hongkong.com .inventorofantivirus.com pretix.eu; frame-src 'self' gdata.jobbase.io player.captivate.fm gdata.onlyfy.jobs .gdata.de .consentmanager.net www.paypal.com .criteo.com .criteo.net .onfastspring.com .saferpay.com www.youtube-nocookie.com www.google.com www.google.de .gdata.ch .gdata.fr .gdata.at .gdata.nl .gdata.it .gdata.be .gdata.es .gdata.pt .gdatasoftware.co.uk .gdatasoftware.com .gdata-software.com .gdata-advancedanalytics.de .gdata.co.jp .gdata-china.com .gdata-hongkong.com .inventorofantivirus.com www.awin1.com .doubleclick.net bid.g.doubleclick.net tpc.googlesyndication.com .googletagmanager.com fbanalytics.org m.youtube.com player.vimeo.com gdata.jobbase.io gdata-a.akamaihd.net pretix.eu; report-uri https://www.gdatasoftware.com/__cspreporting__
Strict-Transport-Security	max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.gdatasoftware.com/blog/2024/10/38043-asyncrat-bitbucket

Response headers

strict-transport-security: max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self' *.gdata.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata-advancedanalytics.com *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com pretix.eu; frame-src 'self' gdata.jobbase.io player.captivate.fm gdata.onlyfy.jobs *.gdata.de *.consentmanager.net www.paypal.com *.criteo.com *.criteo.net *.onfastspring.com *.saferpay.com www.youtube-nocookie.com www.google.com www.google.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com www.awin1.com *.doubleclick.net bid.g.doubleclick.net tpc.googlesyndication.com *.googletagmanager.com fbanalytics.org m.youtube.com player.vimeo.com gdata.jobbase.io gdata-a.akamaihd.net pretix.eu; report-uri https://www.gdatasoftware.com/__cspreporting__
cache-control: max-age=43200
content-encoding: gzip
etag: W/"6718908a-4ae8"
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
expires: Thu, 24 Oct 2024 22:41:07 GMT
date: Thu, 24 Oct 2024 10:41:07 GMT
x-xss-protection: 0
content-type: text/css
vary: Accept-Encoding
server: nginx
last-modified: Wed, 23 Oct 2024 05:58:34 GMT
x-frame-options: SAMEORIGIN

GET
H2 200 blogpage.css
www.gdatasoftware.com/typo3conf/ext/gd_sites/Resources/Public/Styles/assets/ 15 KB
4 KB 62ms
61ms Stylesheet
text/css 212.23.151.164
TMR

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gdatasoftware.com/typo3conf/ext/gd_sites/Resources/Public/Styles/assets/blogpage.css?1729663114

Requested by

Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/blog/2024/10/38043-asyncrat-bitbucket

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

212.23.151.164 Bochum, Germany, ASN12329 (TMR, DE),

Reverse DNS

Software

nginx /

Resource Hash

e269f4a039beda664bcd9294fe3f36f6ebfdf31dc2c02bee383f47ae67003af8

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .gdata.de .gdata.ch .gdata.fr .gdata.at .gdata.nl .gdata.it .gdata.be .gdata.es .gdata.pt .gdatasoftware.co.uk .gdatasoftware.com .gdata-software.com .gdata-advancedanalytics.de .gdata-advancedanalytics.com .gdata.co.jp .gdata-china.com .gdata-hongkong.com .inventorofantivirus.com pretix.eu; frame-src 'self' gdata.jobbase.io player.captivate.fm gdata.onlyfy.jobs .gdata.de .consentmanager.net www.paypal.com .criteo.com .criteo.net .onfastspring.com .saferpay.com www.youtube-nocookie.com www.google.com www.google.de .gdata.ch .gdata.fr .gdata.at .gdata.nl .gdata.it .gdata.be .gdata.es .gdata.pt .gdatasoftware.co.uk .gdatasoftware.com .gdata-software.com .gdata-advancedanalytics.de .gdata.co.jp .gdata-china.com .gdata-hongkong.com .inventorofantivirus.com www.awin1.com .doubleclick.net bid.g.doubleclick.net tpc.googlesyndication.com .googletagmanager.com fbanalytics.org m.youtube.com player.vimeo.com gdata.jobbase.io gdata-a.akamaihd.net pretix.eu; report-uri https://www.gdatasoftware.com/__cspreporting__
Strict-Transport-Security	max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.gdatasoftware.com/blog/2024/10/38043-asyncrat-bitbucket

Response headers

strict-transport-security: max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self' *.gdata.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata-advancedanalytics.com *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com pretix.eu; frame-src 'self' gdata.jobbase.io player.captivate.fm gdata.onlyfy.jobs *.gdata.de *.consentmanager.net www.paypal.com *.criteo.com *.criteo.net *.onfastspring.com *.saferpay.com www.youtube-nocookie.com www.google.com www.google.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com www.awin1.com *.doubleclick.net bid.g.doubleclick.net tpc.googlesyndication.com *.googletagmanager.com fbanalytics.org m.youtube.com player.vimeo.com gdata.jobbase.io gdata-a.akamaihd.net pretix.eu; report-uri https://www.gdatasoftware.com/__cspreporting__
cache-control: max-age=43200
content-encoding: gzip
etag: W/"6718908a-3c29"
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
expires: Thu, 24 Oct 2024 22:41:07 GMT
date: Thu, 24 Oct 2024 10:41:07 GMT
x-xss-protection: 0
content-type: text/css
vary: Accept-Encoding
server: nginx
last-modified: Wed, 23 Oct 2024 05:58:34 GMT
x-frame-options: SAMEORIGIN

GET
H2 200 fe6daaf9c1a67.js Show response
cdn.consentmanager.net/delivery/autoblocking/ 76 KB
16 KB 118ms
34ms Script
text/javascript 2a02:6ea0:c700::19
CDN77 _

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.consentmanager.net/delivery/autoblocking/fe6daaf9c1a67.js

Requested by

Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/blog/2024/10/38043-asyncrat-bitbucket

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 _, GB),

Reverse DNS

Software

CDN77-Turbo /

Resource Hash

d1c2819593de23c2a5128bbf9c346da286f9523cf31aea5c24803b983cc99ac5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.gdatasoftware.com/blog/2024/10/38043-asyncrat-bitbucket

Response headers

content-encoding: gzip
x-77-cache: HIT
expires: Thu, 24 Oct 2024 11:05:17 GMT
date: Thu, 24 Oct 2024 10:41:07 GMT
edge-control: public, max-age=1800
content-type: text/javascript; charset=utf-8
x-77-nzt-ray: 4c156224e1d5b0b443241a6784893f03
vary: Accept-Encoding
last-modified: Thu, 24 Oct 2024 10:35:17 GMT
x-77-nzt: EgwBw7WqEQH3QAEAAAwBisclxAG3HgAAAA
cache-control: public, max-age=1800
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-77-pop: frankfurtDE
x-xss-protection: 0
x-77-age: 320
server: CDN77-Turbo

GET
H2 200 logo-for-dark.svg
www.gdatasoftware.com/typo3conf/ext/gd_sites/Resources/Public/Images/ 3 KB
3 KB 63ms
62ms Image
image/svg+xml 212.23.151.164
TMR

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gdatasoftware.com/typo3conf/ext/gd_sites/Resources/Public/Images/logo-for-dark.svg

Requested by

Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/blog/2024/10/38043-asyncrat-bitbucket

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

212.23.151.164 Bochum, Germany, ASN12329 (TMR, DE),

Reverse DNS

Software

nginx /

Resource Hash

5bd5ebcf03a341e616a7b8361cf09a193e9e4b96fda68c679a6c53a07f5c31bb

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .gdata.de .gdata.ch .gdata.fr .gdata.at .gdata.nl .gdata.it .gdata.be .gdata.es .gdata.pt .gdatasoftware.co.uk .gdatasoftware.com .gdata-software.com .gdata-advancedanalytics.de .gdata-advancedanalytics.com .gdata.co.jp .gdata-china.com .gdata-hongkong.com .inventorofantivirus.com pretix.eu; frame-src 'self' gdata.jobbase.io player.captivate.fm gdata.onlyfy.jobs .gdata.de .consentmanager.net www.paypal.com .criteo.com .criteo.net .onfastspring.com .saferpay.com www.youtube-nocookie.com www.google.com www.google.de .gdata.ch .gdata.fr .gdata.at .gdata.nl .gdata.it .gdata.be .gdata.es .gdata.pt .gdatasoftware.co.uk .gdatasoftware.com .gdata-software.com .gdata-advancedanalytics.de .gdata.co.jp .gdata-china.com .gdata-hongkong.com .inventorofantivirus.com www.awin1.com .doubleclick.net bid.g.doubleclick.net tpc.googlesyndication.com .googletagmanager.com fbanalytics.org m.youtube.com player.vimeo.com gdata.jobbase.io gdata-a.akamaihd.net pretix.eu; report-uri https://www.gdatasoftware.com/__cspreporting__
Strict-Transport-Security	max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.gdatasoftware.com/blog/2024/10/38043-asyncrat-bitbucket

Response headers

strict-transport-security: max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self' *.gdata.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata-advancedanalytics.com *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com pretix.eu; frame-src 'self' gdata.jobbase.io player.captivate.fm gdata.onlyfy.jobs *.gdata.de *.consentmanager.net www.paypal.com *.criteo.com *.criteo.net *.onfastspring.com *.saferpay.com www.youtube-nocookie.com www.google.com www.google.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com www.awin1.com *.doubleclick.net bid.g.doubleclick.net tpc.googlesyndication.com *.googletagmanager.com fbanalytics.org m.youtube.com player.vimeo.com gdata.jobbase.io gdata-a.akamaihd.net pretix.eu; report-uri https://www.gdatasoftware.com/__cspreporting__
cache-control: max-age=3628800
content-encoding: gzip
etag: W/"6718908a-d6f"
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
expires: Thu, 05 Dec 2024 10:41:07 GMT
date: Thu, 24 Oct 2024 10:41:07 GMT
x-xss-protection: 0
content-type: image/svg+xml
vary: Accept-Encoding
server: nginx
last-modified: Wed, 23 Oct 2024 05:58:34 GMT
x-frame-options: SAMEORIGIN

GET
H2 200 DE.svg
www.gdatasoftware.com/typo3conf/ext/gd_sites/Resources/Public/Images/Flags/ 966 B
2 KB 64ms
63ms Image
image/svg+xml 212.23.151.164
TMR

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gdatasoftware.com/typo3conf/ext/gd_sites/Resources/Public/Images/Flags/DE.svg

Requested by

Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/blog/2024/10/38043-asyncrat-bitbucket

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

212.23.151.164 Bochum, Germany, ASN12329 (TMR, DE),

Reverse DNS

Software

nginx /

Resource Hash

19d66a51d12c87c2c254f61d3dc66f4765bc852b03138e4b38ed5fbc3dd01d19

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .gdata.de .gdata.ch .gdata.fr .gdata.at .gdata.nl .gdata.it .gdata.be .gdata.es .gdata.pt .gdatasoftware.co.uk .gdatasoftware.com .gdata-software.com .gdata-advancedanalytics.de .gdata-advancedanalytics.com .gdata.co.jp .gdata-china.com .gdata-hongkong.com .inventorofantivirus.com pretix.eu; frame-src 'self' gdata.jobbase.io player.captivate.fm gdata.onlyfy.jobs .gdata.de .consentmanager.net www.paypal.com .criteo.com .criteo.net .onfastspring.com .saferpay.com www.youtube-nocookie.com www.google.com www.google.de .gdata.ch .gdata.fr .gdata.at .gdata.nl .gdata.it .gdata.be .gdata.es .gdata.pt .gdatasoftware.co.uk .gdatasoftware.com .gdata-software.com .gdata-advancedanalytics.de .gdata.co.jp .gdata-china.com .gdata-hongkong.com .inventorofantivirus.com www.awin1.com .doubleclick.net bid.g.doubleclick.net tpc.googlesyndication.com .googletagmanager.com fbanalytics.org m.youtube.com player.vimeo.com gdata.jobbase.io gdata-a.akamaihd.net pretix.eu; report-uri https://www.gdatasoftware.com/__cspreporting__
Strict-Transport-Security	max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.gdatasoftware.com/blog/2024/10/38043-asyncrat-bitbucket

Response headers

strict-transport-security: max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self' *.gdata.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata-advancedanalytics.com *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com pretix.eu; frame-src 'self' gdata.jobbase.io player.captivate.fm gdata.onlyfy.jobs *.gdata.de *.consentmanager.net www.paypal.com *.criteo.com *.criteo.net *.onfastspring.com *.saferpay.com www.youtube-nocookie.com www.google.com www.google.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com www.awin1.com *.doubleclick.net bid.g.doubleclick.net tpc.googlesyndication.com *.googletagmanager.com fbanalytics.org m.youtube.com player.vimeo.com gdata.jobbase.io gdata-a.akamaihd.net pretix.eu; report-uri https://www.gdatasoftware.com/__cspreporting__
cache-control: max-age=3628800
content-encoding: gzip
etag: W/"6718908a-3c6"
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
expires: Thu, 05 Dec 2024 10:41:07 GMT
date: Thu, 24 Oct 2024 10:41:07 GMT
x-xss-protection: 0
content-type: image/svg+xml
vary: Accept-Encoding
server: nginx
last-modified: Wed, 23 Oct 2024 05:58:34 GMT
x-frame-options: SAMEORIGIN

GET
H2 200 nopicture_profile_eb01881170.png
www.gdatasoftware.com/fileadmin/_processed_/f/8/ 2 KB
3 KB 35ms
33ms Image
image/png 212.23.151.164
TMR

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gdatasoftware.com/fileadmin/_processed_/f/8/nopicture_profile_eb01881170.png

Requested by

Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/blog/2024/10/38043-asyncrat-bitbucket

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

212.23.151.164 Bochum, Germany, ASN12329 (TMR, DE),

Reverse DNS

Software

nginx /

Resource Hash

3300c71f99c8fa4c2640fd27bf9941ad78be011dcf841d88f455b6fb767daddb

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .gdata.de .gdata.ch .gdata.fr .gdata.at .gdata.nl .gdata.it .gdata.be .gdata.es .gdata.pt .gdatasoftware.co.uk .gdatasoftware.com .gdata-software.com .gdata-advancedanalytics.de .gdata-advancedanalytics.com .gdata.co.jp .gdata-china.com .gdata-hongkong.com .inventorofantivirus.com pretix.eu; frame-src 'self' gdata.jobbase.io player.captivate.fm gdata.onlyfy.jobs .gdata.de .consentmanager.net www.paypal.com .criteo.com .criteo.net .onfastspring.com .saferpay.com www.youtube-nocookie.com www.google.com www.google.de .gdata.ch .gdata.fr .gdata.at .gdata.nl .gdata.it .gdata.be .gdata.es .gdata.pt .gdatasoftware.co.uk .gdatasoftware.com .gdata-software.com .gdata-advancedanalytics.de .gdata.co.jp .gdata-china.com .gdata-hongkong.com .inventorofantivirus.com www.awin1.com .doubleclick.net bid.g.doubleclick.net tpc.googlesyndication.com .googletagmanager.com fbanalytics.org m.youtube.com player.vimeo.com gdata.jobbase.io gdata-a.akamaihd.net pretix.eu; report-uri https://www.gdatasoftware.com/__cspreporting__
Strict-Transport-Security	max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.gdatasoftware.com/blog/2024/10/38043-asyncrat-bitbucket

Response headers

strict-transport-security: max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self' *.gdata.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata-advancedanalytics.com *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com pretix.eu; frame-src 'self' gdata.jobbase.io player.captivate.fm gdata.onlyfy.jobs *.gdata.de *.consentmanager.net www.paypal.com *.criteo.com *.criteo.net *.onfastspring.com *.saferpay.com www.youtube-nocookie.com www.google.com www.google.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com www.awin1.com *.doubleclick.net bid.g.doubleclick.net tpc.googlesyndication.com *.googletagmanager.com fbanalytics.org m.youtube.com player.vimeo.com gdata.jobbase.io gdata-a.akamaihd.net pretix.eu; report-uri https://www.gdatasoftware.com/__cspreporting__
cache-control: max-age=3628800
etag: "670f457a-673"
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
expires: Thu, 05 Dec 2024 10:41:07 GMT
accept-ranges: bytes
content-length: 1651
date: Thu, 24 Oct 2024 10:41:07 GMT
x-xss-protection: 0
content-type: image/png
last-modified: Wed, 16 Oct 2024 04:47:54 GMT
server: nginx
x-frame-options: SAMEORIGIN

GET
H2 200 G_DATA_Blog_Brazil_Malware_Assy_Preview_038e78bb1c.jpg
www.gdatasoftware.com/fileadmin/_processed_/6/4/ 9 KB
10 KB 37ms
35ms Image
image/jpeg 212.23.151.164
TMR

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gdatasoftware.com/fileadmin/_processed_/6/4/G_DATA_Blog_Brazil_Malware_Assy_Preview_038e78bb1c.jpg

Requested by

Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/blog/2024/10/38043-asyncrat-bitbucket

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

212.23.151.164 Bochum, Germany, ASN12329 (TMR, DE),

Reverse DNS

Software

nginx /

Resource Hash

eb4d4ab5d5bb9ec797999c3c5280f694599cba6ea652af8ea6feb9c67802594f

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .gdata.de .gdata.ch .gdata.fr .gdata.at .gdata.nl .gdata.it .gdata.be .gdata.es .gdata.pt .gdatasoftware.co.uk .gdatasoftware.com .gdata-software.com .gdata-advancedanalytics.de .gdata-advancedanalytics.com .gdata.co.jp .gdata-china.com .gdata-hongkong.com .inventorofantivirus.com pretix.eu; frame-src 'self' gdata.jobbase.io player.captivate.fm gdata.onlyfy.jobs .gdata.de .consentmanager.net www.paypal.com .criteo.com .criteo.net .onfastspring.com .saferpay.com www.youtube-nocookie.com www.google.com www.google.de .gdata.ch .gdata.fr .gdata.at .gdata.nl .gdata.it .gdata.be .gdata.es .gdata.pt .gdatasoftware.co.uk .gdatasoftware.com .gdata-software.com .gdata-advancedanalytics.de .gdata.co.jp .gdata-china.com .gdata-hongkong.com .inventorofantivirus.com www.awin1.com .doubleclick.net bid.g.doubleclick.net tpc.googlesyndication.com .googletagmanager.com fbanalytics.org m.youtube.com player.vimeo.com gdata.jobbase.io gdata-a.akamaihd.net pretix.eu; report-uri https://www.gdatasoftware.com/__cspreporting__
Strict-Transport-Security	max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.gdatasoftware.com/blog/2024/10/38043-asyncrat-bitbucket

Response headers

strict-transport-security: max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self' *.gdata.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata-advancedanalytics.com *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com pretix.eu; frame-src 'self' gdata.jobbase.io player.captivate.fm gdata.onlyfy.jobs *.gdata.de *.consentmanager.net www.paypal.com *.criteo.com *.criteo.net *.onfastspring.com *.saferpay.com www.youtube-nocookie.com www.google.com www.google.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com www.awin1.com *.doubleclick.net bid.g.doubleclick.net tpc.googlesyndication.com *.googletagmanager.com fbanalytics.org m.youtube.com player.vimeo.com gdata.jobbase.io gdata-a.akamaihd.net pretix.eu; report-uri https://www.gdatasoftware.com/__cspreporting__
cache-control: max-age=3628800
etag: "670f4560-226c"
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
expires: Thu, 05 Dec 2024 10:41:07 GMT
accept-ranges: bytes
content-length: 8812
date: Thu, 24 Oct 2024 10:41:07 GMT
x-xss-protection: 0
content-type: image/jpeg
last-modified: Wed, 16 Oct 2024 04:47:28 GMT
server: nginx
x-frame-options: SAMEORIGIN

GET
H2 200 G_DATA_Blog_Ailurophile_Infostealer_Preview_15eb545266.jpg
www.gdatasoftware.com/fileadmin/_processed_/d/c/ 7 KB
8 KB 38ms
36ms Image
image/jpeg 212.23.151.164
TMR

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gdatasoftware.com/fileadmin/_processed_/d/c/G_DATA_Blog_Ailurophile_Infostealer_Preview_15eb545266.jpg

Requested by

Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/blog/2024/10/38043-asyncrat-bitbucket

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

212.23.151.164 Bochum, Germany, ASN12329 (TMR, DE),

Reverse DNS

Software

nginx /

Resource Hash

5eed2dca159844eb0260471076b602f572491778e0914b45d97eba85ebb4f668

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .gdata.de .gdata.ch .gdata.fr .gdata.at .gdata.nl .gdata.it .gdata.be .gdata.es .gdata.pt .gdatasoftware.co.uk .gdatasoftware.com .gdata-software.com .gdata-advancedanalytics.de .gdata-advancedanalytics.com .gdata.co.jp .gdata-china.com .gdata-hongkong.com .inventorofantivirus.com pretix.eu; frame-src 'self' gdata.jobbase.io player.captivate.fm gdata.onlyfy.jobs .gdata.de .consentmanager.net www.paypal.com .criteo.com .criteo.net .onfastspring.com .saferpay.com www.youtube-nocookie.com www.google.com www.google.de .gdata.ch .gdata.fr .gdata.at .gdata.nl .gdata.it .gdata.be .gdata.es .gdata.pt .gdatasoftware.co.uk .gdatasoftware.com .gdata-software.com .gdata-advancedanalytics.de .gdata.co.jp .gdata-china.com .gdata-hongkong.com .inventorofantivirus.com www.awin1.com .doubleclick.net bid.g.doubleclick.net tpc.googlesyndication.com .googletagmanager.com fbanalytics.org m.youtube.com player.vimeo.com gdata.jobbase.io gdata-a.akamaihd.net pretix.eu; report-uri https://www.gdatasoftware.com/__cspreporting__
Strict-Transport-Security	max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.gdatasoftware.com/blog/2024/10/38043-asyncrat-bitbucket

Response headers

strict-transport-security: max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self' *.gdata.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata-advancedanalytics.com *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com pretix.eu; frame-src 'self' gdata.jobbase.io player.captivate.fm gdata.onlyfy.jobs *.gdata.de *.consentmanager.net www.paypal.com *.criteo.com *.criteo.net *.onfastspring.com *.saferpay.com www.youtube-nocookie.com www.google.com www.google.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com www.awin1.com *.doubleclick.net bid.g.doubleclick.net tpc.googlesyndication.com *.googletagmanager.com fbanalytics.org m.youtube.com player.vimeo.com gdata.jobbase.io gdata-a.akamaihd.net pretix.eu; report-uri https://www.gdatasoftware.com/__cspreporting__
cache-control: max-age=3628800
etag: "670f4572-1ac2"
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
expires: Thu, 05 Dec 2024 10:41:07 GMT
accept-ranges: bytes
content-length: 6850
date: Thu, 24 Oct 2024 10:41:07 GMT
x-xss-protection: 0
content-type: image/jpeg
last-modified: Wed, 16 Oct 2024 04:47:46 GMT
server: nginx
x-frame-options: SAMEORIGIN

GET
H2 200 logo-for-light.svg
www.gdatasoftware.com/typo3conf/ext/gd_sites/Resources/Public/Images/ 3 KB
3 KB 29ms
29ms Image
image/svg+xml 212.23.151.164
TMR

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gdatasoftware.com/typo3conf/ext/gd_sites/Resources/Public/Images/logo-for-light.svg

Requested by

Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/blog/2024/10/38043-asyncrat-bitbucket

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

212.23.151.164 Bochum, Germany, ASN12329 (TMR, DE),

Reverse DNS

Software

nginx /

Resource Hash

bff274c9a37425256c5eef9791075ccba934922e61acbe80e8bd4f22e0ac1257

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .gdata.de .gdata.ch .gdata.fr .gdata.at .gdata.nl .gdata.it .gdata.be .gdata.es .gdata.pt .gdatasoftware.co.uk .gdatasoftware.com .gdata-software.com .gdata-advancedanalytics.de .gdata-advancedanalytics.com .gdata.co.jp .gdata-china.com .gdata-hongkong.com .inventorofantivirus.com pretix.eu; frame-src 'self' gdata.jobbase.io player.captivate.fm gdata.onlyfy.jobs .gdata.de .consentmanager.net www.paypal.com .criteo.com .criteo.net .onfastspring.com .saferpay.com www.youtube-nocookie.com www.google.com www.google.de .gdata.ch .gdata.fr .gdata.at .gdata.nl .gdata.it .gdata.be .gdata.es .gdata.pt .gdatasoftware.co.uk .gdatasoftware.com .gdata-software.com .gdata-advancedanalytics.de .gdata.co.jp .gdata-china.com .gdata-hongkong.com .inventorofantivirus.com www.awin1.com .doubleclick.net bid.g.doubleclick.net tpc.googlesyndication.com .googletagmanager.com fbanalytics.org m.youtube.com player.vimeo.com gdata.jobbase.io gdata-a.akamaihd.net pretix.eu; report-uri https://www.gdatasoftware.com/__cspreporting__
Strict-Transport-Security	max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.gdatasoftware.com/blog/2024/10/38043-asyncrat-bitbucket

Response headers

strict-transport-security: max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self' *.gdata.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata-advancedanalytics.com *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com pretix.eu; frame-src 'self' gdata.jobbase.io player.captivate.fm gdata.onlyfy.jobs *.gdata.de *.consentmanager.net www.paypal.com *.criteo.com *.criteo.net *.onfastspring.com *.saferpay.com www.youtube-nocookie.com www.google.com www.google.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com www.awin1.com *.doubleclick.net bid.g.doubleclick.net tpc.googlesyndication.com *.googletagmanager.com fbanalytics.org m.youtube.com player.vimeo.com gdata.jobbase.io gdata-a.akamaihd.net pretix.eu; report-uri https://www.gdatasoftware.com/__cspreporting__
cache-control: max-age=3628800
content-encoding: gzip
etag: W/"6718908a-d72"
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
expires: Thu, 05 Dec 2024 10:41:07 GMT
date: Thu, 24 Oct 2024 10:41:07 GMT
x-xss-protection: 0
content-type: image/svg+xml
vary: Accept-Encoding
server: nginx
last-modified: Wed, 23 Oct 2024 05:58:34 GMT
x-frame-options: SAMEORIGIN

GET
H2 200 merged-f081765a3ed763d7fe90ca1c11ab5a25.js Show response
www.gdatasoftware.com/typo3temp/assets/compressed/ 382 KB
122 KB 45ms
44ms Script
application/javascript 212.23.151.164
TMR

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gdatasoftware.com/typo3temp/assets/compressed/merged-f081765a3ed763d7fe90ca1c11ab5a25.js?1729664179

Requested by

Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/blog/2024/10/38043-asyncrat-bitbucket

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

212.23.151.164 Bochum, Germany, ASN12329 (TMR, DE),

Reverse DNS

Software

nginx /

Resource Hash

d260dec5586aac2de1d81c5dfde69b1f0df60c6626dd77f0b8321b464c622d08

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .gdata.de .gdata.ch .gdata.fr .gdata.at .gdata.nl .gdata.it .gdata.be .gdata.es .gdata.pt .gdatasoftware.co.uk .gdatasoftware.com .gdata-software.com .gdata-advancedanalytics.de .gdata-advancedanalytics.com .gdata.co.jp .gdata-china.com .gdata-hongkong.com .inventorofantivirus.com pretix.eu; frame-src 'self' gdata.jobbase.io player.captivate.fm gdata.onlyfy.jobs .gdata.de .consentmanager.net www.paypal.com .criteo.com .criteo.net .onfastspring.com .saferpay.com www.youtube-nocookie.com www.google.com www.google.de .gdata.ch .gdata.fr .gdata.at .gdata.nl .gdata.it .gdata.be .gdata.es .gdata.pt .gdatasoftware.co.uk .gdatasoftware.com .gdata-software.com .gdata-advancedanalytics.de .gdata.co.jp .gdata-china.com .gdata-hongkong.com .inventorofantivirus.com www.awin1.com .doubleclick.net bid.g.doubleclick.net tpc.googlesyndication.com .googletagmanager.com fbanalytics.org m.youtube.com player.vimeo.com gdata.jobbase.io gdata-a.akamaihd.net pretix.eu; report-uri https://www.gdatasoftware.com/__cspreporting__
Strict-Transport-Security	max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.gdatasoftware.com/blog/2024/10/38043-asyncrat-bitbucket

Response headers

strict-transport-security: max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self' *.gdata.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata-advancedanalytics.com *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com pretix.eu; frame-src 'self' gdata.jobbase.io player.captivate.fm gdata.onlyfy.jobs *.gdata.de *.consentmanager.net www.paypal.com *.criteo.com *.criteo.net *.onfastspring.com *.saferpay.com www.youtube-nocookie.com www.google.com www.google.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com www.awin1.com *.doubleclick.net bid.g.doubleclick.net tpc.googlesyndication.com *.googletagmanager.com fbanalytics.org m.youtube.com player.vimeo.com gdata.jobbase.io gdata-a.akamaihd.net pretix.eu; report-uri https://www.gdatasoftware.com/__cspreporting__
cache-control: max-age=43200
content-encoding: gzip
etag: W/"671894b3-5f893"
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
expires: Thu, 24 Oct 2024 22:41:07 GMT
date: Thu, 24 Oct 2024 10:41:07 GMT
x-xss-protection: 0
content-type: application/javascript
vary: Accept-Encoding
server: nginx
last-modified: Wed, 23 Oct 2024 06:16:19 GMT
x-frame-options: SAMEORIGIN

GET
H2 200 gd-mainmenu-2019.js Show response
www.gdatasoftware.com/typo3conf/ext/gd_sites/Resources/Public/JavaScript/ 5 KB
2 KB 35ms
35ms Script
application/javascript 212.23.151.164
TMR

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gdatasoftware.com/typo3conf/ext/gd_sites/Resources/Public/JavaScript/gd-mainmenu-2019.js?1729663114

Requested by

Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/blog/2024/10/38043-asyncrat-bitbucket

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

212.23.151.164 Bochum, Germany, ASN12329 (TMR, DE),

Reverse DNS

Software

nginx /

Resource Hash

7a7abe196a5d8d760adbec74b6dcf7af2f35c91a06b4e033928ee5c03dfb7e9b

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .gdata.de .gdata.ch .gdata.fr .gdata.at .gdata.nl .gdata.it .gdata.be .gdata.es .gdata.pt .gdatasoftware.co.uk .gdatasoftware.com .gdata-software.com .gdata-advancedanalytics.de .gdata-advancedanalytics.com .gdata.co.jp .gdata-china.com .gdata-hongkong.com .inventorofantivirus.com pretix.eu; frame-src 'self' gdata.jobbase.io player.captivate.fm gdata.onlyfy.jobs .gdata.de .consentmanager.net www.paypal.com .criteo.com .criteo.net .onfastspring.com .saferpay.com www.youtube-nocookie.com www.google.com www.google.de .gdata.ch .gdata.fr .gdata.at .gdata.nl .gdata.it .gdata.be .gdata.es .gdata.pt .gdatasoftware.co.uk .gdatasoftware.com .gdata-software.com .gdata-advancedanalytics.de .gdata.co.jp .gdata-china.com .gdata-hongkong.com .inventorofantivirus.com www.awin1.com .doubleclick.net bid.g.doubleclick.net tpc.googlesyndication.com .googletagmanager.com fbanalytics.org m.youtube.com player.vimeo.com gdata.jobbase.io gdata-a.akamaihd.net pretix.eu; report-uri https://www.gdatasoftware.com/__cspreporting__
Strict-Transport-Security	max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.gdatasoftware.com/blog/2024/10/38043-asyncrat-bitbucket

Response headers

strict-transport-security: max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self' *.gdata.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata-advancedanalytics.com *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com pretix.eu; frame-src 'self' gdata.jobbase.io player.captivate.fm gdata.onlyfy.jobs *.gdata.de *.consentmanager.net www.paypal.com *.criteo.com *.criteo.net *.onfastspring.com *.saferpay.com www.youtube-nocookie.com www.google.com www.google.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com www.awin1.com *.doubleclick.net bid.g.doubleclick.net tpc.googlesyndication.com *.googletagmanager.com fbanalytics.org m.youtube.com player.vimeo.com gdata.jobbase.io gdata-a.akamaihd.net pretix.eu; report-uri https://www.gdatasoftware.com/__cspreporting__
cache-control: max-age=43200
content-encoding: gzip
etag: W/"6718908a-128e"
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
expires: Thu, 24 Oct 2024 22:41:07 GMT
date: Thu, 24 Oct 2024 10:41:07 GMT
x-xss-protection: 0
content-type: application/javascript
vary: Accept-Encoding
server: nginx
last-modified: Wed, 23 Oct 2024 05:58:34 GMT
x-frame-options: SAMEORIGIN

GET
H2 200 gd-guidebook.js Show response
www.gdatasoftware.com/typo3conf/ext/gd_pagenews/Resources/Public/JavaScript/ 2 KB
2 KB 34ms
31ms Script
application/javascript 212.23.151.164
TMR

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gdatasoftware.com/typo3conf/ext/gd_pagenews/Resources/Public/JavaScript/gd-guidebook.js?1729663114

Requested by

Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/blog/2024/10/38043-asyncrat-bitbucket

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

212.23.151.164 Bochum, Germany, ASN12329 (TMR, DE),

Reverse DNS

Software

nginx /

Resource Hash

eaee182f99fdf2d211c29221098ce1d2a326f78ee7126ce481d0c139e91b0d01

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .gdata.de .gdata.ch .gdata.fr .gdata.at .gdata.nl .gdata.it .gdata.be .gdata.es .gdata.pt .gdatasoftware.co.uk .gdatasoftware.com .gdata-software.com .gdata-advancedanalytics.de .gdata-advancedanalytics.com .gdata.co.jp .gdata-china.com .gdata-hongkong.com .inventorofantivirus.com pretix.eu; frame-src 'self' gdata.jobbase.io player.captivate.fm gdata.onlyfy.jobs .gdata.de .consentmanager.net www.paypal.com .criteo.com .criteo.net .onfastspring.com .saferpay.com www.youtube-nocookie.com www.google.com www.google.de .gdata.ch .gdata.fr .gdata.at .gdata.nl .gdata.it .gdata.be .gdata.es .gdata.pt .gdatasoftware.co.uk .gdatasoftware.com .gdata-software.com .gdata-advancedanalytics.de .gdata.co.jp .gdata-china.com .gdata-hongkong.com .inventorofantivirus.com www.awin1.com .doubleclick.net bid.g.doubleclick.net tpc.googlesyndication.com .googletagmanager.com fbanalytics.org m.youtube.com player.vimeo.com gdata.jobbase.io gdata-a.akamaihd.net pretix.eu; report-uri https://www.gdatasoftware.com/__cspreporting__
Strict-Transport-Security	max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.gdatasoftware.com/blog/2024/10/38043-asyncrat-bitbucket

Response headers

strict-transport-security: max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self' *.gdata.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata-advancedanalytics.com *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com pretix.eu; frame-src 'self' gdata.jobbase.io player.captivate.fm gdata.onlyfy.jobs *.gdata.de *.consentmanager.net www.paypal.com *.criteo.com *.criteo.net *.onfastspring.com *.saferpay.com www.youtube-nocookie.com www.google.com www.google.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com www.awin1.com *.doubleclick.net bid.g.doubleclick.net tpc.googlesyndication.com *.googletagmanager.com fbanalytics.org m.youtube.com player.vimeo.com gdata.jobbase.io gdata-a.akamaihd.net pretix.eu; report-uri https://www.gdatasoftware.com/__cspreporting__
cache-control: max-age=43200
content-encoding: gzip
etag: W/"6718908a-955"
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
expires: Thu, 24 Oct 2024 22:41:07 GMT
date: Thu, 24 Oct 2024 10:41:07 GMT
x-xss-protection: 0
content-type: application/javascript
vary: Accept-Encoding
server: nginx
last-modified: Wed, 23 Oct 2024 05:58:34 GMT
x-frame-options: SAMEORIGIN

GET
H2 200 cmp.php Show response
b.delivery.consentmanager.net/delivery/ 1 KB
985 B 66ms
19ms Script
text/javascript 87.230.98.78
PLUSSERVER-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://b.delivery.consentmanager.net/delivery/cmp.php?id=97569&h=https%3A%2F%2Fwww.gdatasoftware.com%2Fblog%2F2024%2F10%2F38043-asyncrat-bitbucket&l=en&ls=EN_EN_DE&lp=EN&o=1729766467100

Requested by

Host: cdn.consentmanager.net
URL: https://cdn.consentmanager.net/delivery/autoblocking/fe6daaf9c1a67.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

87.230.98.78 , Germany, ASN61157 (PLUSSERVER-ASN1, DE),

Reverse DNS

ds87-230-98-78.dedicated.psmanaged.com

Software

Resource Hash

09b801116c0a2ba26fd55d603b08b3a588b3e37df952e79d68b2d4278805cfd8

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.gdatasoftware.com/blog/2024/10/38043-asyncrat-bitbucket

Response headers

cache-control: no-store, no-cache, must-revalidate
content-encoding: gzip
pragma: no-cache
cross-origin-resource-policy: cross-origin
expires: Thu, 01 Dec 1994 16:00:00 GMT
access-control-allow-origin: *
date: Thu, 24 Oct 2024 10:41:07 GMT
edge-control: no-store, no-cache, must-revalidate
last-modified: Thu, 24 Oct 2024 10:41:07 GMT
x-xss-protection: 0
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8

GET
H2 200 cmp_final.min.js Show response
cdn.consentmanager.net/delivery/js/ 443 KB
96 KB 21ms
20ms Script
application/javascript 2a02:6ea0:c700::19
CDN77 _

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.consentmanager.net/delivery/js/cmp_final.min.js?t=2024-10-24
Requested by: Host: cdn.consentmanager.net
URL: https://cdn.consentmanager.net/delivery/autoblocking/fe6daaf9c1a67.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: ed8909e15e1f2e9d0ba9694bc5bd3cf04f19aa3a40b1f8536ad0f675450b5991

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.gdatasoftware.com/blog/2024/10/38043-asyncrat-bitbucket

Response headers

content-encoding: gzip
etag: W/"6eb12-625131cf9c040"
x-77-cache: HIT
expires: Wed, 23 Oct 2024 16:18:14 GMT
date: Thu, 24 Oct 2024 10:41:07 GMT
edge-control: max-age=86400
content-type: application/javascript
last-modified: Tue, 22 Oct 2024 16:18:01 GMT
x-77-nzt-ray: 4c156224e1d5b0b443241a674078c406
vary: Accept-Encoding
x-77-nzt: EwwBw7WqEQH3fAIBAAgBuUwKAQFhDAElE8I0BbUBAAAA
cache-control: max-age=86400
cross-origin-resource-policy: cross-origin, cross-origin
x-77-pop: frankfurtDE
x-77-age: 66172
server: CDN77-Turbo

GET
H2 200 G_DATA_Blog_AsyncRAT_Header.jpg
www.gdatasoftware.com/fileadmin/web/general/images/blog/2024/10/ 360 KB
361 KB 28ms
28ms Image
image/jpeg 212.23.151.164
TMR

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gdatasoftware.com/fileadmin/web/general/images/blog/2024/10/G_DATA_Blog_AsyncRAT_Header.jpg

Requested by

Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/blog/2024/10/38043-asyncrat-bitbucket

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

212.23.151.164 Bochum, Germany, ASN12329 (TMR, DE),

Reverse DNS

Software

nginx /

Resource Hash

92595136b2df4f4776832b171be8de1087d17d0f637ca7c4838e354df2eb6a44

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .gdata.de .gdata.ch .gdata.fr .gdata.at .gdata.nl .gdata.it .gdata.be .gdata.es .gdata.pt .gdatasoftware.co.uk .gdatasoftware.com .gdata-software.com .gdata-advancedanalytics.de .gdata-advancedanalytics.com .gdata.co.jp .gdata-china.com .gdata-hongkong.com .inventorofantivirus.com pretix.eu; frame-src 'self' gdata.jobbase.io player.captivate.fm gdata.onlyfy.jobs .gdata.de .consentmanager.net www.paypal.com .criteo.com .criteo.net .onfastspring.com .saferpay.com www.youtube-nocookie.com www.google.com www.google.de .gdata.ch .gdata.fr .gdata.at .gdata.nl .gdata.it .gdata.be .gdata.es .gdata.pt .gdatasoftware.co.uk .gdatasoftware.com .gdata-software.com .gdata-advancedanalytics.de .gdata.co.jp .gdata-china.com .gdata-hongkong.com .inventorofantivirus.com www.awin1.com .doubleclick.net bid.g.doubleclick.net tpc.googlesyndication.com .googletagmanager.com fbanalytics.org m.youtube.com player.vimeo.com gdata.jobbase.io gdata-a.akamaihd.net pretix.eu; report-uri https://www.gdatasoftware.com/__cspreporting__
Strict-Transport-Security	max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.gdatasoftware.com/blog/2024/10/38043-asyncrat-bitbucket

Response headers

strict-transport-security: max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self' *.gdata.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata-advancedanalytics.com *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com pretix.eu; frame-src 'self' gdata.jobbase.io player.captivate.fm gdata.onlyfy.jobs *.gdata.de *.consentmanager.net www.paypal.com *.criteo.com *.criteo.net *.onfastspring.com *.saferpay.com www.youtube-nocookie.com www.google.com www.google.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com www.awin1.com *.doubleclick.net bid.g.doubleclick.net tpc.googlesyndication.com *.googletagmanager.com fbanalytics.org m.youtube.com player.vimeo.com gdata.jobbase.io gdata-a.akamaihd.net pretix.eu; report-uri https://www.gdatasoftware.com/__cspreporting__
cache-control: max-age=3628800
etag: "670f45e6-59f6b"
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
expires: Thu, 05 Dec 2024 10:41:07 GMT
accept-ranges: bytes
content-length: 368491
date: Thu, 24 Oct 2024 10:41:07 GMT
x-xss-protection: 0
content-type: image/jpeg
last-modified: Wed, 16 Oct 2024 04:49:42 GMT
server: nginx
x-frame-options: SAMEORIGIN

GET
DATA 200
OK truncated
/ 870 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f37573409d9e7abddbbfbb516297cd89d7c0901b2743e23f0a7f91ebeac75c79

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/svg+xml

GET
H2 200 source-sans-pro-v13-latin-ext_latin-regular.woff2
www.gdatasoftware.com/typo3conf/ext/gd_sites/Resources/Public/Styles/font/source-sans-pro/ 25 KB
25 KB 47ms
45ms Font
font/woff2 212.23.151.164
TMR

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gdatasoftware.com/typo3conf/ext/gd_sites/Resources/Public/Styles/font/source-sans-pro/source-sans-pro-v13-latin-ext_latin-regular.woff2

Requested by

Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/typo3conf/ext/gd_sites/Resources/Public/Styles/font/source-sans-pro.css?1729663114

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

212.23.151.164 Bochum, Germany, ASN12329 (TMR, DE),

Reverse DNS

Software

nginx /

Resource Hash

72e086ecb5eed26e489b633ce3a7a85522747d8583852bf8756e290fec0f3d3b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://www.gdatasoftware.com
Referer: https://www.gdatasoftware.com/typo3conf/ext/gd_sites/Resources/Public/Styles/font/source-sans-pro.css?1729663114

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: max-age=3628800
etag: "6718908a-6438"
expires: Thu, 05 Dec 2024 10:41:07 GMT
accept-ranges: bytes
access-control-allow-origin: https://www.gdatasoftware.com
content-length: 25656
date: Thu, 24 Oct 2024 10:41:07 GMT
content-type: font/woff2
last-modified: Wed, 23 Oct 2024 05:58:34 GMT
server: nginx

GET
H2 200 gcon1-991.ttf
www.gdatasoftware.com/typo3conf/ext/gd_sites/Resources/Public/Styles/font/ 116 KB
117 KB 50ms
47ms Font
application/octet-stream 212.23.151.164
TMR

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gdatasoftware.com/typo3conf/ext/gd_sites/Resources/Public/Styles/font/gcon1-991.ttf?w2aerhgm

Requested by

Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/typo3conf/ext/gd_sites/Resources/Public/Styles/font/gcon.css?1729663114

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

212.23.151.164 Bochum, Germany, ASN12329 (TMR, DE),

Reverse DNS

Software

nginx /

Resource Hash

5e5d46c22d87bff9d49018172f5764cb39ebcd228577ad17229a7dc67ee65198

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://www.gdatasoftware.com
Referer: https://www.gdatasoftware.com/typo3conf/ext/gd_sites/Resources/Public/Styles/font/gcon.css?1729663114

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: max-age=31536000
etag: "6718908a-1d0f4"
expires: Fri, 24 Oct 2025 10:41:07 GMT
accept-ranges: bytes
access-control-allow-origin: https://www.gdatasoftware.com
content-length: 119028
date: Thu, 24 Oct 2024 10:41:07 GMT
content-type: application/octet-stream
last-modified: Wed, 23 Oct 2024 05:58:34 GMT
server: nginx

GET
H2 200 source-sans-pro-v13-latin-ext_latin-300.woff2
www.gdatasoftware.com/typo3conf/ext/gd_sites/Resources/Public/Styles/font/source-sans-pro/ 25 KB
25 KB 56ms
54ms Font
font/woff2 212.23.151.164
TMR

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gdatasoftware.com/typo3conf/ext/gd_sites/Resources/Public/Styles/font/source-sans-pro/source-sans-pro-v13-latin-ext_latin-300.woff2

Requested by

Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/typo3conf/ext/gd_sites/Resources/Public/Styles/font/source-sans-pro.css?1729663114

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

212.23.151.164 Bochum, Germany, ASN12329 (TMR, DE),

Reverse DNS

Software

nginx /

Resource Hash

9d20a8fc1de189bad815a78bd3a36550412788bc1d8e6f2d7eba6bb18bc901a2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://www.gdatasoftware.com
Referer: https://www.gdatasoftware.com/typo3conf/ext/gd_sites/Resources/Public/Styles/font/source-sans-pro.css?1729663114

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: max-age=3628800
etag: "6718908a-6474"
expires: Thu, 05 Dec 2024 10:41:07 GMT
accept-ranges: bytes
access-control-allow-origin: https://www.gdatasoftware.com
content-length: 25716
date: Thu, 24 Oct 2024 10:41:07 GMT
content-type: font/woff2
last-modified: Wed, 23 Oct 2024 05:58:34 GMT
server: nginx

GET
H2 200 source-sans-pro-v13-latin-ext_latin-600.woff2
www.gdatasoftware.com/typo3conf/ext/gd_sites/Resources/Public/Styles/font/source-sans-pro/ 25 KB
25 KB 43ms
41ms Font
font/woff2 212.23.151.164
TMR

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gdatasoftware.com/typo3conf/ext/gd_sites/Resources/Public/Styles/font/source-sans-pro/source-sans-pro-v13-latin-ext_latin-600.woff2

Requested by

Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/typo3conf/ext/gd_sites/Resources/Public/Styles/font/source-sans-pro.css?1729663114

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

212.23.151.164 Bochum, Germany, ASN12329 (TMR, DE),

Reverse DNS

Software

nginx /

Resource Hash

5b7ade4116e14b315421eb6e4eeabbf1a1c7301a575ee1311fb1659eaaecd6f4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://www.gdatasoftware.com
Referer: https://www.gdatasoftware.com/typo3conf/ext/gd_sites/Resources/Public/Styles/font/source-sans-pro.css?1729663114

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: max-age=3628800
etag: "6718908a-63b0"
expires: Thu, 05 Dec 2024 10:41:07 GMT
accept-ranges: bytes
access-control-allow-origin: https://www.gdatasoftware.com
content-length: 25520
date: Thu, 24 Oct 2024 10:41:07 GMT
content-type: font/woff2
last-modified: Wed, 23 Oct 2024 05:58:34 GMT
server: nginx

GET
H2 200 AsyncRAT_Figure1_5cadf33fb9.jpg
www.gdatasoftware.com/fileadmin/_processed_/f/8/ 18 KB
19 KB 55ms
49ms Image
image/jpeg 212.23.151.164
TMR

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gdatasoftware.com/fileadmin/_processed_/f/8/AsyncRAT_Figure1_5cadf33fb9.jpg

Requested by

Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/blog/2024/10/38043-asyncrat-bitbucket

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

212.23.151.164 Bochum, Germany, ASN12329 (TMR, DE),

Reverse DNS

Software

nginx /

Resource Hash

acdbc62c9bcf84c128b16e78e6fe846591d0f88ce5b5d44903eae8d49faebe51

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .gdata.de .gdata.ch .gdata.fr .gdata.at .gdata.nl .gdata.it .gdata.be .gdata.es .gdata.pt .gdatasoftware.co.uk .gdatasoftware.com .gdata-software.com .gdata-advancedanalytics.de .gdata-advancedanalytics.com .gdata.co.jp .gdata-china.com .gdata-hongkong.com .inventorofantivirus.com pretix.eu; frame-src 'self' gdata.jobbase.io player.captivate.fm gdata.onlyfy.jobs .gdata.de .consentmanager.net www.paypal.com .criteo.com .criteo.net .onfastspring.com .saferpay.com www.youtube-nocookie.com www.google.com www.google.de .gdata.ch .gdata.fr .gdata.at .gdata.nl .gdata.it .gdata.be .gdata.es .gdata.pt .gdatasoftware.co.uk .gdatasoftware.com .gdata-software.com .gdata-advancedanalytics.de .gdata.co.jp .gdata-china.com .gdata-hongkong.com .inventorofantivirus.com www.awin1.com .doubleclick.net bid.g.doubleclick.net tpc.googlesyndication.com .googletagmanager.com fbanalytics.org m.youtube.com player.vimeo.com gdata.jobbase.io gdata-a.akamaihd.net pretix.eu; report-uri https://www.gdatasoftware.com/__cspreporting__
Strict-Transport-Security	max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.gdatasoftware.com/blog/2024/10/38043-asyncrat-bitbucket

Response headers

strict-transport-security: max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self' *.gdata.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata-advancedanalytics.com *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com pretix.eu; frame-src 'self' gdata.jobbase.io player.captivate.fm gdata.onlyfy.jobs *.gdata.de *.consentmanager.net www.paypal.com *.criteo.com *.criteo.net *.onfastspring.com *.saferpay.com www.youtube-nocookie.com www.google.com www.google.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com www.awin1.com *.doubleclick.net bid.g.doubleclick.net tpc.googlesyndication.com *.googletagmanager.com fbanalytics.org m.youtube.com player.vimeo.com gdata.jobbase.io gdata-a.akamaihd.net pretix.eu; report-uri https://www.gdatasoftware.com/__cspreporting__
cache-control: max-age=3628800
etag: "670f457a-464b"
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
expires: Thu, 05 Dec 2024 10:41:07 GMT
accept-ranges: bytes
content-length: 17995
date: Thu, 24 Oct 2024 10:41:07 GMT
x-xss-protection: 0
content-type: image/jpeg
last-modified: Wed, 16 Oct 2024 04:47:54 GMT
server: nginx
x-frame-options: SAMEORIGIN

GET
H2 200 AsyncRAT_Figure2_0211a201ad.jpg
www.gdatasoftware.com/fileadmin/_processed_/c/1/ 66 KB
68 KB 64ms
59ms Image
image/jpeg 212.23.151.164
TMR

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gdatasoftware.com/fileadmin/_processed_/c/1/AsyncRAT_Figure2_0211a201ad.jpg

Requested by

Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/blog/2024/10/38043-asyncrat-bitbucket

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

212.23.151.164 Bochum, Germany, ASN12329 (TMR, DE),

Reverse DNS

Software

nginx /

Resource Hash

1403208f22a0a849db8492211cbad71e1a8413e9a9ee583d16a3307d54cd6b90

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .gdata.de .gdata.ch .gdata.fr .gdata.at .gdata.nl .gdata.it .gdata.be .gdata.es .gdata.pt .gdatasoftware.co.uk .gdatasoftware.com .gdata-software.com .gdata-advancedanalytics.de .gdata-advancedanalytics.com .gdata.co.jp .gdata-china.com .gdata-hongkong.com .inventorofantivirus.com pretix.eu; frame-src 'self' gdata.jobbase.io player.captivate.fm gdata.onlyfy.jobs .gdata.de .consentmanager.net www.paypal.com .criteo.com .criteo.net .onfastspring.com .saferpay.com www.youtube-nocookie.com www.google.com www.google.de .gdata.ch .gdata.fr .gdata.at .gdata.nl .gdata.it .gdata.be .gdata.es .gdata.pt .gdatasoftware.co.uk .gdatasoftware.com .gdata-software.com .gdata-advancedanalytics.de .gdata.co.jp .gdata-china.com .gdata-hongkong.com .inventorofantivirus.com www.awin1.com .doubleclick.net bid.g.doubleclick.net tpc.googlesyndication.com .googletagmanager.com fbanalytics.org m.youtube.com player.vimeo.com gdata.jobbase.io gdata-a.akamaihd.net pretix.eu; report-uri https://www.gdatasoftware.com/__cspreporting__
Strict-Transport-Security	max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.gdatasoftware.com/blog/2024/10/38043-asyncrat-bitbucket

Response headers

strict-transport-security: max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self' *.gdata.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata-advancedanalytics.com *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com pretix.eu; frame-src 'self' gdata.jobbase.io player.captivate.fm gdata.onlyfy.jobs *.gdata.de *.consentmanager.net www.paypal.com *.criteo.com *.criteo.net *.onfastspring.com *.saferpay.com www.youtube-nocookie.com www.google.com www.google.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com www.awin1.com *.doubleclick.net bid.g.doubleclick.net tpc.googlesyndication.com *.googletagmanager.com fbanalytics.org m.youtube.com player.vimeo.com gdata.jobbase.io gdata-a.akamaihd.net pretix.eu; report-uri https://www.gdatasoftware.com/__cspreporting__
cache-control: max-age=3628800
etag: "670f456d-109b2"
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
expires: Thu, 05 Dec 2024 10:41:07 GMT
accept-ranges: bytes
content-length: 68018
date: Thu, 24 Oct 2024 10:41:07 GMT
x-xss-protection: 0
content-type: image/jpeg
last-modified: Wed, 16 Oct 2024 04:47:41 GMT
server: nginx
x-frame-options: SAMEORIGIN

GET
H2 200 AsyncRAT_Figure3_3d459c5903.jpg
www.gdatasoftware.com/fileadmin/_processed_/7/a/ 60 KB
61 KB 66ms
62ms Image
image/jpeg 212.23.151.164
TMR

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gdatasoftware.com/fileadmin/_processed_/7/a/AsyncRAT_Figure3_3d459c5903.jpg

Requested by

Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/blog/2024/10/38043-asyncrat-bitbucket

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

212.23.151.164 Bochum, Germany, ASN12329 (TMR, DE),

Reverse DNS

Software

nginx /

Resource Hash

aeea386e19012a449bd03dd0f29cdf8efde2373bab6b9d07d8bfc6692009bb11

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .gdata.de .gdata.ch .gdata.fr .gdata.at .gdata.nl .gdata.it .gdata.be .gdata.es .gdata.pt .gdatasoftware.co.uk .gdatasoftware.com .gdata-software.com .gdata-advancedanalytics.de .gdata-advancedanalytics.com .gdata.co.jp .gdata-china.com .gdata-hongkong.com .inventorofantivirus.com pretix.eu; frame-src 'self' gdata.jobbase.io player.captivate.fm gdata.onlyfy.jobs .gdata.de .consentmanager.net www.paypal.com .criteo.com .criteo.net .onfastspring.com .saferpay.com www.youtube-nocookie.com www.google.com www.google.de .gdata.ch .gdata.fr .gdata.at .gdata.nl .gdata.it .gdata.be .gdata.es .gdata.pt .gdatasoftware.co.uk .gdatasoftware.com .gdata-software.com .gdata-advancedanalytics.de .gdata.co.jp .gdata-china.com .gdata-hongkong.com .inventorofantivirus.com www.awin1.com .doubleclick.net bid.g.doubleclick.net tpc.googlesyndication.com .googletagmanager.com fbanalytics.org m.youtube.com player.vimeo.com gdata.jobbase.io gdata-a.akamaihd.net pretix.eu; report-uri https://www.gdatasoftware.com/__cspreporting__
Strict-Transport-Security	max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.gdatasoftware.com/blog/2024/10/38043-asyncrat-bitbucket

Response headers

strict-transport-security: max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self' *.gdata.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata-advancedanalytics.com *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com pretix.eu; frame-src 'self' gdata.jobbase.io player.captivate.fm gdata.onlyfy.jobs *.gdata.de *.consentmanager.net www.paypal.com *.criteo.com *.criteo.net *.onfastspring.com *.saferpay.com www.youtube-nocookie.com www.google.com www.google.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com www.awin1.com *.doubleclick.net bid.g.doubleclick.net tpc.googlesyndication.com *.googletagmanager.com fbanalytics.org m.youtube.com player.vimeo.com gdata.jobbase.io gdata-a.akamaihd.net pretix.eu; report-uri https://www.gdatasoftware.com/__cspreporting__
cache-control: max-age=3628800
etag: "670f4563-eeea"
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
expires: Thu, 05 Dec 2024 10:41:07 GMT
accept-ranges: bytes
content-length: 61162
date: Thu, 24 Oct 2024 10:41:07 GMT
x-xss-protection: 0
content-type: image/jpeg
last-modified: Wed, 16 Oct 2024 04:47:31 GMT
server: nginx
x-frame-options: SAMEORIGIN

GET
H2 200 AsyncRAT_Figure4_79eab4e45a.jpg
www.gdatasoftware.com/fileadmin/_processed_/c/0/ 64 KB
65 KB 47ms
44ms Image
image/jpeg 212.23.151.164
TMR

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gdatasoftware.com/fileadmin/_processed_/c/0/AsyncRAT_Figure4_79eab4e45a.jpg

Requested by

Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/blog/2024/10/38043-asyncrat-bitbucket

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

212.23.151.164 Bochum, Germany, ASN12329 (TMR, DE),

Reverse DNS

Software

nginx /

Resource Hash

d13a52c1806c7ab2e42006fa6f6ce2fa2fdb5ba51b95e300b85afd35edee92e6

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .gdata.de .gdata.ch .gdata.fr .gdata.at .gdata.nl .gdata.it .gdata.be .gdata.es .gdata.pt .gdatasoftware.co.uk .gdatasoftware.com .gdata-software.com .gdata-advancedanalytics.de .gdata-advancedanalytics.com .gdata.co.jp .gdata-china.com .gdata-hongkong.com .inventorofantivirus.com pretix.eu; frame-src 'self' gdata.jobbase.io player.captivate.fm gdata.onlyfy.jobs .gdata.de .consentmanager.net www.paypal.com .criteo.com .criteo.net .onfastspring.com .saferpay.com www.youtube-nocookie.com www.google.com www.google.de .gdata.ch .gdata.fr .gdata.at .gdata.nl .gdata.it .gdata.be .gdata.es .gdata.pt .gdatasoftware.co.uk .gdatasoftware.com .gdata-software.com .gdata-advancedanalytics.de .gdata.co.jp .gdata-china.com .gdata-hongkong.com .inventorofantivirus.com www.awin1.com .doubleclick.net bid.g.doubleclick.net tpc.googlesyndication.com .googletagmanager.com fbanalytics.org m.youtube.com player.vimeo.com gdata.jobbase.io gdata-a.akamaihd.net pretix.eu; report-uri https://www.gdatasoftware.com/__cspreporting__
Strict-Transport-Security	max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.gdatasoftware.com/blog/2024/10/38043-asyncrat-bitbucket

Response headers

strict-transport-security: max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self' *.gdata.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata-advancedanalytics.com *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com pretix.eu; frame-src 'self' gdata.jobbase.io player.captivate.fm gdata.onlyfy.jobs *.gdata.de *.consentmanager.net www.paypal.com *.criteo.com *.criteo.net *.onfastspring.com *.saferpay.com www.youtube-nocookie.com www.google.com www.google.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com www.awin1.com *.doubleclick.net bid.g.doubleclick.net tpc.googlesyndication.com *.googletagmanager.com fbanalytics.org m.youtube.com player.vimeo.com gdata.jobbase.io gdata-a.akamaihd.net pretix.eu; report-uri https://www.gdatasoftware.com/__cspreporting__
cache-control: max-age=3628800
etag: "670f456d-fe38"
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
expires: Thu, 05 Dec 2024 10:41:07 GMT
accept-ranges: bytes
content-length: 65080
date: Thu, 24 Oct 2024 10:41:07 GMT
x-xss-protection: 0
content-type: image/jpeg
last-modified: Wed, 16 Oct 2024 04:47:41 GMT
server: nginx
x-frame-options: SAMEORIGIN

GET
H2 200 AsyncRAT_Figure5_26a24ecf0a.jpg
www.gdatasoftware.com/fileadmin/_processed_/2/8/ 20 KB
21 KB 44ms
41ms Image
image/jpeg 212.23.151.164
TMR

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gdatasoftware.com/fileadmin/_processed_/2/8/AsyncRAT_Figure5_26a24ecf0a.jpg

Requested by

Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/blog/2024/10/38043-asyncrat-bitbucket

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

212.23.151.164 Bochum, Germany, ASN12329 (TMR, DE),

Reverse DNS

Software

nginx /

Resource Hash

dbc2e9bc0cdbeeb72e5f6ebda90d34e5e6aec6e90347e4c10fe60a46a3717334

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .gdata.de .gdata.ch .gdata.fr .gdata.at .gdata.nl .gdata.it .gdata.be .gdata.es .gdata.pt .gdatasoftware.co.uk .gdatasoftware.com .gdata-software.com .gdata-advancedanalytics.de .gdata-advancedanalytics.com .gdata.co.jp .gdata-china.com .gdata-hongkong.com .inventorofantivirus.com pretix.eu; frame-src 'self' gdata.jobbase.io player.captivate.fm gdata.onlyfy.jobs .gdata.de .consentmanager.net www.paypal.com .criteo.com .criteo.net .onfastspring.com .saferpay.com www.youtube-nocookie.com www.google.com www.google.de .gdata.ch .gdata.fr .gdata.at .gdata.nl .gdata.it .gdata.be .gdata.es .gdata.pt .gdatasoftware.co.uk .gdatasoftware.com .gdata-software.com .gdata-advancedanalytics.de .gdata.co.jp .gdata-china.com .gdata-hongkong.com .inventorofantivirus.com www.awin1.com .doubleclick.net bid.g.doubleclick.net tpc.googlesyndication.com .googletagmanager.com fbanalytics.org m.youtube.com player.vimeo.com gdata.jobbase.io gdata-a.akamaihd.net pretix.eu; report-uri https://www.gdatasoftware.com/__cspreporting__
Strict-Transport-Security	max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.gdatasoftware.com/blog/2024/10/38043-asyncrat-bitbucket

Response headers

strict-transport-security: max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self' *.gdata.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata-advancedanalytics.com *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com pretix.eu; frame-src 'self' gdata.jobbase.io player.captivate.fm gdata.onlyfy.jobs *.gdata.de *.consentmanager.net www.paypal.com *.criteo.com *.criteo.net *.onfastspring.com *.saferpay.com www.youtube-nocookie.com www.google.com www.google.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com www.awin1.com *.doubleclick.net bid.g.doubleclick.net tpc.googlesyndication.com *.googletagmanager.com fbanalytics.org m.youtube.com player.vimeo.com gdata.jobbase.io gdata-a.akamaihd.net pretix.eu; report-uri https://www.gdatasoftware.com/__cspreporting__
cache-control: max-age=3628800
etag: "670f4557-4e37"
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
expires: Thu, 05 Dec 2024 10:41:07 GMT
accept-ranges: bytes
content-length: 20023
date: Thu, 24 Oct 2024 10:41:07 GMT
x-xss-protection: 0
content-type: image/jpeg
last-modified: Wed, 16 Oct 2024 04:47:19 GMT
server: nginx
x-frame-options: SAMEORIGIN

GET
H2 200 AsyncRAT_Figure6_57863dc2fb.jpg
www.gdatasoftware.com/fileadmin/_processed_/b/1/ 12 KB
14 KB 43ms
40ms Image
image/jpeg 212.23.151.164
TMR

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gdatasoftware.com/fileadmin/_processed_/b/1/AsyncRAT_Figure6_57863dc2fb.jpg

Requested by

Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/blog/2024/10/38043-asyncrat-bitbucket

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

212.23.151.164 Bochum, Germany, ASN12329 (TMR, DE),

Reverse DNS

Software

nginx /

Resource Hash

1da5cf0bc913b4e2692fca02f372d9af32c317d75b437fcebc60466a7f25f5eb

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .gdata.de .gdata.ch .gdata.fr .gdata.at .gdata.nl .gdata.it .gdata.be .gdata.es .gdata.pt .gdatasoftware.co.uk .gdatasoftware.com .gdata-software.com .gdata-advancedanalytics.de .gdata-advancedanalytics.com .gdata.co.jp .gdata-china.com .gdata-hongkong.com .inventorofantivirus.com pretix.eu; frame-src 'self' gdata.jobbase.io player.captivate.fm gdata.onlyfy.jobs .gdata.de .consentmanager.net www.paypal.com .criteo.com .criteo.net .onfastspring.com .saferpay.com www.youtube-nocookie.com www.google.com www.google.de .gdata.ch .gdata.fr .gdata.at .gdata.nl .gdata.it .gdata.be .gdata.es .gdata.pt .gdatasoftware.co.uk .gdatasoftware.com .gdata-software.com .gdata-advancedanalytics.de .gdata.co.jp .gdata-china.com .gdata-hongkong.com .inventorofantivirus.com www.awin1.com .doubleclick.net bid.g.doubleclick.net tpc.googlesyndication.com .googletagmanager.com fbanalytics.org m.youtube.com player.vimeo.com gdata.jobbase.io gdata-a.akamaihd.net pretix.eu; report-uri https://www.gdatasoftware.com/__cspreporting__
Strict-Transport-Security	max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.gdatasoftware.com/blog/2024/10/38043-asyncrat-bitbucket

Response headers

strict-transport-security: max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self' *.gdata.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata-advancedanalytics.com *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com pretix.eu; frame-src 'self' gdata.jobbase.io player.captivate.fm gdata.onlyfy.jobs *.gdata.de *.consentmanager.net www.paypal.com *.criteo.com *.criteo.net *.onfastspring.com *.saferpay.com www.youtube-nocookie.com www.google.com www.google.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com www.awin1.com *.doubleclick.net bid.g.doubleclick.net tpc.googlesyndication.com *.googletagmanager.com fbanalytics.org m.youtube.com player.vimeo.com gdata.jobbase.io gdata-a.akamaihd.net pretix.eu; report-uri https://www.gdatasoftware.com/__cspreporting__
cache-control: max-age=3628800
etag: "670f456b-3199"
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
expires: Thu, 05 Dec 2024 10:41:07 GMT
accept-ranges: bytes
content-length: 12697
date: Thu, 24 Oct 2024 10:41:07 GMT
x-xss-protection: 0
content-type: image/jpeg
last-modified: Wed, 16 Oct 2024 04:47:39 GMT
server: nginx
x-frame-options: SAMEORIGIN

GET
H2 200 AsyncRAT_Figure7_1bb7b41fed.jpg
www.gdatasoftware.com/fileadmin/_processed_/3/4/ 382 KB
383 KB 54ms
52ms Image
image/jpeg 212.23.151.164
TMR

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gdatasoftware.com/fileadmin/_processed_/3/4/AsyncRAT_Figure7_1bb7b41fed.jpg

Requested by

Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/blog/2024/10/38043-asyncrat-bitbucket

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

212.23.151.164 Bochum, Germany, ASN12329 (TMR, DE),

Reverse DNS

Software

nginx /

Resource Hash

1e669038a138d06e66dfaec9abf653540c767bcfb3bb3929f74a99f1034ef91d

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .gdata.de .gdata.ch .gdata.fr .gdata.at .gdata.nl .gdata.it .gdata.be .gdata.es .gdata.pt .gdatasoftware.co.uk .gdatasoftware.com .gdata-software.com .gdata-advancedanalytics.de .gdata-advancedanalytics.com .gdata.co.jp .gdata-china.com .gdata-hongkong.com .inventorofantivirus.com pretix.eu; frame-src 'self' gdata.jobbase.io player.captivate.fm gdata.onlyfy.jobs .gdata.de .consentmanager.net www.paypal.com .criteo.com .criteo.net .onfastspring.com .saferpay.com www.youtube-nocookie.com www.google.com www.google.de .gdata.ch .gdata.fr .gdata.at .gdata.nl .gdata.it .gdata.be .gdata.es .gdata.pt .gdatasoftware.co.uk .gdatasoftware.com .gdata-software.com .gdata-advancedanalytics.de .gdata.co.jp .gdata-china.com .gdata-hongkong.com .inventorofantivirus.com www.awin1.com .doubleclick.net bid.g.doubleclick.net tpc.googlesyndication.com .googletagmanager.com fbanalytics.org m.youtube.com player.vimeo.com gdata.jobbase.io gdata-a.akamaihd.net pretix.eu; report-uri https://www.gdatasoftware.com/__cspreporting__
Strict-Transport-Security	max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.gdatasoftware.com/blog/2024/10/38043-asyncrat-bitbucket

Response headers

strict-transport-security: max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self' *.gdata.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata-advancedanalytics.com *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com pretix.eu; frame-src 'self' gdata.jobbase.io player.captivate.fm gdata.onlyfy.jobs *.gdata.de *.consentmanager.net www.paypal.com *.criteo.com *.criteo.net *.onfastspring.com *.saferpay.com www.youtube-nocookie.com www.google.com www.google.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com www.awin1.com *.doubleclick.net bid.g.doubleclick.net tpc.googlesyndication.com *.googletagmanager.com fbanalytics.org m.youtube.com player.vimeo.com gdata.jobbase.io gdata-a.akamaihd.net pretix.eu; report-uri https://www.gdatasoftware.com/__cspreporting__
cache-control: max-age=3628800
etag: "670f4559-5f78b"
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
expires: Thu, 05 Dec 2024 10:41:07 GMT
accept-ranges: bytes
content-length: 391051
date: Thu, 24 Oct 2024 10:41:07 GMT
x-xss-protection: 0
content-type: image/jpeg
last-modified: Wed, 16 Oct 2024 04:47:21 GMT
server: nginx
x-frame-options: SAMEORIGIN

GET
H2 200 AsyncRAT_Figure8.jpg
www.gdatasoftware.com/fileadmin/web/general/images/blog/2024/10/ 104 KB
106 KB 51ms
49ms Image
image/jpeg 212.23.151.164
TMR

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gdatasoftware.com/fileadmin/web/general/images/blog/2024/10/AsyncRAT_Figure8.jpg

Requested by

Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/blog/2024/10/38043-asyncrat-bitbucket

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

212.23.151.164 Bochum, Germany, ASN12329 (TMR, DE),

Reverse DNS

Software

nginx /

Resource Hash

d4fa0ec57e20cf8f0d9e3649a5392512cc2af3af71b78a7d43c4a48206925f28

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .gdata.de .gdata.ch .gdata.fr .gdata.at .gdata.nl .gdata.it .gdata.be .gdata.es .gdata.pt .gdatasoftware.co.uk .gdatasoftware.com .gdata-software.com .gdata-advancedanalytics.de .gdata-advancedanalytics.com .gdata.co.jp .gdata-china.com .gdata-hongkong.com .inventorofantivirus.com pretix.eu; frame-src 'self' gdata.jobbase.io player.captivate.fm gdata.onlyfy.jobs .gdata.de .consentmanager.net www.paypal.com .criteo.com .criteo.net .onfastspring.com .saferpay.com www.youtube-nocookie.com www.google.com www.google.de .gdata.ch .gdata.fr .gdata.at .gdata.nl .gdata.it .gdata.be .gdata.es .gdata.pt .gdatasoftware.co.uk .gdatasoftware.com .gdata-software.com .gdata-advancedanalytics.de .gdata.co.jp .gdata-china.com .gdata-hongkong.com .inventorofantivirus.com www.awin1.com .doubleclick.net bid.g.doubleclick.net tpc.googlesyndication.com .googletagmanager.com fbanalytics.org m.youtube.com player.vimeo.com gdata.jobbase.io gdata-a.akamaihd.net pretix.eu; report-uri https://www.gdatasoftware.com/__cspreporting__
Strict-Transport-Security	max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.gdatasoftware.com/blog/2024/10/38043-asyncrat-bitbucket

Response headers

strict-transport-security: max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self' *.gdata.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata-advancedanalytics.com *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com pretix.eu; frame-src 'self' gdata.jobbase.io player.captivate.fm gdata.onlyfy.jobs *.gdata.de *.consentmanager.net www.paypal.com *.criteo.com *.criteo.net *.onfastspring.com *.saferpay.com www.youtube-nocookie.com www.google.com www.google.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com www.awin1.com *.doubleclick.net bid.g.doubleclick.net tpc.googlesyndication.com *.googletagmanager.com fbanalytics.org m.youtube.com player.vimeo.com gdata.jobbase.io gdata-a.akamaihd.net pretix.eu; report-uri https://www.gdatasoftware.com/__cspreporting__
cache-control: max-age=3628800
etag: "670f45e6-1a13e"
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
expires: Thu, 05 Dec 2024 10:41:07 GMT
accept-ranges: bytes
content-length: 106814
date: Thu, 24 Oct 2024 10:41:07 GMT
x-xss-protection: 0
content-type: image/jpeg
last-modified: Wed, 16 Oct 2024 04:49:42 GMT
server: nginx
x-frame-options: SAMEORIGIN

GET
H2 200 cmp.php Show response
b.delivery.consentmanager.net/delivery/ 6 KB
3 KB 21ms
20ms Script
text/javascript 87.230.98.78
PLUSSERVER-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://b.delivery.consentmanager.net/delivery/cmp.php?__cmpcc=1&__cmpfcc=1&id=97569&o=1729766467&h=https%3A%2F%2Fwww.gdatasoftware.com%2Fblog%2F2024%2F10%2F38043-asyncrat-bitbucket&undefined&l=en&odw=0&dlt=1&l=en&lp=EN

Requested by

Host: b.delivery.consentmanager.net
URL: https://b.delivery.consentmanager.net/delivery/cmp.php?id=97569&h=https%3A%2F%2Fwww.gdatasoftware.com%2Fblog%2F2024%2F10%2F38043-asyncrat-bitbucket&l=en&ls=EN_EN_DE&lp=EN&o=1729766467100

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

87.230.98.78 , Germany, ASN61157 (PLUSSERVER-ASN1, DE),

Reverse DNS

ds87-230-98-78.dedicated.psmanaged.com

Software

Resource Hash

2f15c9b3b7c646ab83e32d3366d323af75490d9576c3905adb439608e5270407

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.gdatasoftware.com/blog/2024/10/38043-asyncrat-bitbucket

Response headers

cache-control: no-store, no-cache, must-revalidate
content-encoding: gzip
pragma: no-cache
cross-origin-resource-policy: cross-origin
expires: Thu, 01 Dec 1994 16:00:00 GMT
access-control-allow-origin: *
date: Thu, 24 Oct 2024 10:41:07 GMT
edge-control: no-store, no-cache, must-revalidate
last-modified: Thu, 24 Oct 2024 10:41:07 GMT
x-xss-protection: 0
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8

GET
H2 200 bV8xLndfOTc1Njkucl9HRFBSLmxfZW4uZF8yNjY5Ni54XzI2LnYucC50XzI2Njk2Lnh0XzI3.js Show response
cdn.consentmanager.net/delivery/customdata/ 65 KB
17 KB 19ms
18ms Script
text/javascript 2a02:6ea0:c700::19
CDN77 _

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.consentmanager.net/delivery/customdata/bV8xLndfOTc1Njkucl9HRFBSLmxfZW4uZF8yNjY5Ni54XzI2LnYucC50XzI2Njk2Lnh0XzI3.js

Requested by

Host: b.delivery.consentmanager.net
URL: https://b.delivery.consentmanager.net/delivery/cmp.php?__cmpcc=1&__cmpfcc=1&id=97569&o=1729766467&h=https%3A%2F%2Fwww.gdatasoftware.com%2Fblog%2F2024%2F10%2F38043-asyncrat-bitbucket&undefined&l=en&odw=0&dlt=1&l=en&lp=EN

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 _, GB),

Reverse DNS

Software

CDN77-Turbo /

Resource Hash

ea2151e29110821afe6033f619a2a9f5159de4e1028b9c4ea4e133953e7b4f70

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.gdatasoftware.com/blog/2024/10/38043-asyncrat-bitbucket

Response headers

content-encoding: gzip
x-77-cache: HIT
expires: Thu, 24 Oct 2024 10:56:42 GMT
date: Thu, 24 Oct 2024 10:41:07 GMT
edge-control: public, max-age=1800
content-type: text/javascript; charset=utf-8
x-77-nzt-ray: 4c156224e1d5b0b443241a67e13a4b14
vary: Accept-Encoding
last-modified: Thu, 24 Oct 2024 10:26:42 GMT
x-77-nzt: EgwBw7WqEQHXYQMAAAwB1GY4EQGzPAcAAA
cache-control: public, max-age=1800
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-77-pop: frankfurtDE
x-xss-protection: 0
x-77-age: 865
server: CDN77-Turbo

GET
H2 200 recall_finger.svg
cdn.consentmanager.net/delivery/recall/ 2 KB
1 KB 23ms
23ms Image
image/svg+xml 2a02:6ea0:c700::19
CDN77 _

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.consentmanager.net/delivery/recall/recall_finger.svg
Requested by: Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/blog/2024/10/38043-asyncrat-bitbucket
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 50c7b0a0bae5fb6c57b170abce597d5694a211bb8a217d05cea0d73d215f745d

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.gdatasoftware.com/blog/2024/10/38043-asyncrat-bitbucket

Response headers

content-encoding: gzip
etag: W/"6f3-5d782acc3a098"
x-77-cache: HIT
expires: Thu, 02 Oct 2025 15:01:47 GMT
date: Thu, 24 Oct 2024 10:41:07 GMT
edge-control: max-age=2592000
content-type: image/svg+xml
last-modified: Tue, 08 Feb 2022 14:38:47 GMT
x-77-nzt-ray: 4c156224e1d5b0b443241a678f39bb16
vary: Accept-Encoding
x-77-nzt: EgwBw7WqEQH36MMcAAwBJRPCNAG3/////w
cache-control: max-age=31536000
cross-origin-resource-policy: cross-origin
x-77-pop: frankfurtDE
x-77-age: 1885160
server: CDN77-Turbo

GET
H2 200 /
b.delivery.consentmanager.net/delivery/info/ 43 B
340 B 24ms
24ms Image
image/gif 87.230.98.78
PLUSSERVER-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.delivery.consentmanager.net/delivery/info/?id=97569&did=1&cfdid=1&t=pv.d_ncs.d_ancs.d_bncs&h=https%3A%2F%2Fwww.gdatasoftware.com%2Fblog%2F2024%2F10%2F38043-asyncrat-bitbucket&o=1729766467373&l=EN&lv=0&d=1&ct=14&e=&e2=&e3=&i=&sv=27&dv=26&

Requested by

Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/blog/2024/10/38043-asyncrat-bitbucket

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

87.230.98.78 , Germany, ASN61157 (PLUSSERVER-ASN1, DE),

Reverse DNS

ds87-230-98-78.dedicated.psmanaged.com

Software

Resource Hash

5704a2e9f2f7ce43a79f9b407f1aedcfd50223cbe8bd2f71ff8c5c819e469cbc

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.gdatasoftware.com/blog/2024/10/38043-asyncrat-bitbucket

Response headers

cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
expires: Thu, 01 Dec 1994 16:00:00 GMT
access-control-allow-origin: *
content-length: 43
date: Thu, 24 Oct 2024 10:41:07 GMT
edge-control: no-store, no-cache, must-revalidate
last-modified: Thu, 24 Oct 2024 10:41:07 GMT
x-xss-protection: 0
content-type: image/gif

GET
H2 200 /
b.delivery.consentmanager.net/delivery/info/ 43 B
340 B 22ms
22ms Image
image/gif 87.230.98.78
PLUSSERVER-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.delivery.consentmanager.net/delivery/info/?id=97569&did=1&cfdid=1&t=cv&h=https%3A%2F%2Fwww.gdatasoftware.com%2Fblog%2F2024%2F10%2F38043-asyncrat-bitbucket&o=1729766467374&l=EN&lv=0&d=1&ct=14&e=&e2=&e3=&i=&sv=27&dv=26&

Requested by

Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/blog/2024/10/38043-asyncrat-bitbucket

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

87.230.98.78 , Germany, ASN61157 (PLUSSERVER-ASN1, DE),

Reverse DNS

ds87-230-98-78.dedicated.psmanaged.com

Software

Resource Hash

5704a2e9f2f7ce43a79f9b407f1aedcfd50223cbe8bd2f71ff8c5c819e469cbc

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.gdatasoftware.com/blog/2024/10/38043-asyncrat-bitbucket

Response headers

cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
expires: Thu, 01 Dec 1994 16:00:00 GMT
access-control-allow-origin: *
content-length: 43
date: Thu, 24 Oct 2024 10:41:07 GMT
edge-control: no-store, no-cache, must-revalidate
last-modified: Thu, 24 Oct 2024 10:41:07 GMT
x-xss-protection: 0
content-type: image/gif

GET
H2 200 logo1688473623x3333.gif
cdn.consentmanager.net/delivery/img/ 28 KB
28 KB 39ms
38ms Image
image/gif 2a02:6ea0:c700::19
CDN77 _

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.consentmanager.net/delivery/img/logo1688473623x3333.gif
Requested by: Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/blog/2024/10/38043-asyncrat-bitbucket
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: aad3fe663c88bf58fab069ae8320497226b860b1e0b176b21e3c466b702e556b

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.gdatasoftware.com/blog/2024/10/38043-asyncrat-bitbucket

Response headers

x-77-age: 8463013
x-77-nzt: EgwBw7WqEQH3pSKBAAwBJRPCMQH3RKY9AA
cache-control: max-age=31536000
etag: "6f9f-5ffa8668ca23b"
x-77-cache: HIT
expires: Sun, 01 Jun 2025 17:33:14 GMT
accept-ranges: bytes
x-77-pop: frankfurtDE
content-length: 28575
date: Thu, 24 Oct 2024 10:41:07 GMT
edge-control: max-age=2592000
content-type: image/gif
last-modified: Tue, 04 Jul 2023 12:27:03 GMT
x-77-nzt-ray: 4c156224e1d5b0b443241a6798c47a17
server: CDN77-Turbo

GET
H2 200 cmplogo.svg
cdn.consentmanager.net/delivery/whitelabel/ 4 KB
2 KB 39ms
39ms Image
image/svg+xml 2a02:6ea0:c700::19
CDN77 _

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.consentmanager.net/delivery/whitelabel/cmplogo.svg
Requested by: Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/blog/2024/10/38043-asyncrat-bitbucket
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 4fac8ac68ec0b3328e35eb3962ee1ce7ed17a3b35051b139e519748a8b844536

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.gdatasoftware.com/blog/2024/10/38043-asyncrat-bitbucket

Response headers

content-encoding: gzip
etag: W/"104c-5facc2a822d40"
x-77-cache: HIT
expires: Thu, 02 Oct 2025 15:00:50 GMT
date: Thu, 24 Oct 2024 10:41:07 GMT
edge-control: max-age=2592000
content-type: image/svg+xml
last-modified: Wed, 03 May 2023 16:01:17 GMT
x-77-nzt-ray: 4c156224e1d5b0b443241a67a6858417
vary: Accept-Encoding
x-77-nzt: EgwBw7WqEQH3IcQcAAwBw7WvAgG3AAAAAA
cache-control: max-age=31536000
cross-origin-resource-policy: cross-origin
x-77-pop: frankfurtDE
x-77-age: 1885217
server: CDN77-Turbo

GET
H2 200 en.svg
cdn.consentmanager.net/delivery/flags-circle/ 5 KB
2 KB 40ms
39ms Image
image/svg+xml 2a02:6ea0:c700::19
CDN77 _

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.consentmanager.net/delivery/flags-circle/en.svg
Requested by: Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/blog/2024/10/38043-asyncrat-bitbucket
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: b4328724e9756b93c000c85e7ac6baadc7dff6228406ccc675d2cae92a4cc198

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.gdatasoftware.com/blog/2024/10/38043-asyncrat-bitbucket

Response headers

content-encoding: gzip
etag: W/"125a-5e3df64ce3100"
x-77-cache: HIT
expires: Thu, 02 Oct 2025 15:01:47 GMT
date: Thu, 24 Oct 2024 10:41:07 GMT
edge-control: max-age=2592000
content-type: image/svg+xml
last-modified: Fri, 15 Jul 2022 22:18:12 GMT
x-77-nzt-ray: 4c156224e1d5b0b443241a67c3fb8917
vary: Accept-Encoding
x-77-nzt: EgwBw7WqEQH35cMcAAwBw7WvBgG3AwAAAA
cache-control: max-age=31536000
cross-origin-resource-policy: cross-origin
x-77-pop: frankfurtDE
x-77-age: 1885157
server: CDN77-Turbo

GET
H2 200 favicon.ico
www.gdatasoftware.com/ 4 KB
2 KB 25ms
25ms Other
image/x-icon 212.23.151.164
TMR

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gdatasoftware.com/favicon.ico

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

212.23.151.164 Bochum, Germany, ASN12329 (TMR, DE),

Reverse DNS

Software

nginx /

Resource Hash

91949d92617c19f399a1726ba3fbb060254c9165f3e8cbc931014f732d0c0222

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .gdata.de .gdata.ch .gdata.fr .gdata.at .gdata.nl .gdata.it .gdata.be .gdata.es .gdata.pt .gdatasoftware.co.uk .gdatasoftware.com .gdata-software.com .gdata-advancedanalytics.de .gdata-advancedanalytics.com .gdata.co.jp .gdata-china.com .gdata-hongkong.com .inventorofantivirus.com pretix.eu; frame-src 'self' gdata.jobbase.io player.captivate.fm gdata.onlyfy.jobs .gdata.de .consentmanager.net www.paypal.com .criteo.com .criteo.net .onfastspring.com .saferpay.com www.youtube-nocookie.com www.google.com www.google.de .gdata.ch .gdata.fr .gdata.at .gdata.nl .gdata.it .gdata.be .gdata.es .gdata.pt .gdatasoftware.co.uk .gdatasoftware.com .gdata-software.com .gdata-advancedanalytics.de .gdata.co.jp .gdata-china.com .gdata-hongkong.com .inventorofantivirus.com www.awin1.com .doubleclick.net bid.g.doubleclick.net tpc.googlesyndication.com .googletagmanager.com fbanalytics.org m.youtube.com player.vimeo.com gdata.jobbase.io gdata-a.akamaihd.net pretix.eu; report-uri https://www.gdatasoftware.com/__cspreporting__
Strict-Transport-Security	max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.gdatasoftware.com/blog/2024/10/38043-asyncrat-bitbucket

Response headers

strict-transport-security: max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self' *.gdata.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata-advancedanalytics.com *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com pretix.eu; frame-src 'self' gdata.jobbase.io player.captivate.fm gdata.onlyfy.jobs *.gdata.de *.consentmanager.net www.paypal.com *.criteo.com *.criteo.net *.onfastspring.com *.saferpay.com www.youtube-nocookie.com www.google.com www.google.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com www.awin1.com *.doubleclick.net bid.g.doubleclick.net tpc.googlesyndication.com *.googletagmanager.com fbanalytics.org m.youtube.com player.vimeo.com gdata.jobbase.io gdata-a.akamaihd.net pretix.eu; report-uri https://www.gdatasoftware.com/__cspreporting__
cache-control: max-age=3628800
content-encoding: gzip
etag: W/"6718908a-10be"
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
expires: Thu, 05 Dec 2024 10:41:07 GMT
date: Thu, 24 Oct 2024 10:41:07 GMT
x-xss-protection: 0
content-type: image/x-icon
vary: Accept-Encoding
server: nginx
last-modified: Wed, 23 Oct 2024 05:58:34 GMT
x-frame-options: SAMEORIGIN

Verdicts & Comments Add Verdict or Comment

160 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			www.gdatasoftware.com/	1970-01-21 00:30:52	Name: GDS_utm Value: {"utm_medium":"","utm_source":"","utm_campaign":"","utm_content":"","utm_term":""}
			.gdatasoftware.com/	1970-01-21 00:49:36	Name: __cmpcccx97569 Value: aBQHBWqhAAgAzACAAuBcwAFc9IA

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	frame-ancestors 'self' .gdata.de .gdata.ch .gdata.fr .gdata.at .gdata.nl .gdata.it .gdata.be .gdata.es .gdata.pt .gdatasoftware.co.uk .gdatasoftware.com .gdata-software.com .gdata-advancedanalytics.de .gdata-advancedanalytics.com .gdata.co.jp .gdata-china.com .gdata-hongkong.com .inventorofantivirus.com pretix.eu; frame-src 'self' gdata.jobbase.io player.captivate.fm gdata.onlyfy.jobs .gdata.de .consentmanager.net www.paypal.com .criteo.com .criteo.net .onfastspring.com .saferpay.com www.youtube-nocookie.com www.google.com www.google.de .gdata.ch .gdata.fr .gdata.at .gdata.nl .gdata.it .gdata.be .gdata.es .gdata.pt .gdatasoftware.co.uk .gdatasoftware.com .gdata-software.com .gdata-advancedanalytics.de .gdata.co.jp .gdata-china.com .gdata-hongkong.com .inventorofantivirus.com www.awin1.com .doubleclick.net bid.g.doubleclick.net tpc.googlesyndication.com .googletagmanager.com fbanalytics.org m.youtube.com player.vimeo.com gdata.jobbase.io gdata-a.akamaihd.net pretix.eu; report-uri https://www.gdatasoftware.com/__cspreporting__
Strict-Transport-Security	max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

b.delivery.consentmanager.net
cdn.consentmanager.net
www.gdatasoftware.com
212.23.151.164
2a02:6ea0:c700::19
87.230.98.78
016d9a327e05fe4130b6c813d33ad2b5a8f1b55af3ba6bd98a5bfab46341b9e6
09b801116c0a2ba26fd55d603b08b3a588b3e37df952e79d68b2d4278805cfd8
12bbeb4a5c75cfa4f290f8da4a9282a835f6704b94917c5bc05d4430aa9b31dd
1403208f22a0a849db8492211cbad71e1a8413e9a9ee583d16a3307d54cd6b90
19d66a51d12c87c2c254f61d3dc66f4765bc852b03138e4b38ed5fbc3dd01d19
1da5cf0bc913b4e2692fca02f372d9af32c317d75b437fcebc60466a7f25f5eb
1e669038a138d06e66dfaec9abf653540c767bcfb3bb3929f74a99f1034ef91d
2f15c9b3b7c646ab83e32d3366d323af75490d9576c3905adb439608e5270407
3300c71f99c8fa4c2640fd27bf9941ad78be011dcf841d88f455b6fb767daddb
3e17d9ffedd7459d58e6c669de912c510574ec762c6c64fa599ed7e660cad7ba
4fac8ac68ec0b3328e35eb3962ee1ce7ed17a3b35051b139e519748a8b844536
50c7b0a0bae5fb6c57b170abce597d5694a211bb8a217d05cea0d73d215f745d
5704a2e9f2f7ce43a79f9b407f1aedcfd50223cbe8bd2f71ff8c5c819e469cbc
5b7ade4116e14b315421eb6e4eeabbf1a1c7301a575ee1311fb1659eaaecd6f4
5bd5ebcf03a341e616a7b8361cf09a193e9e4b96fda68c679a6c53a07f5c31bb
5e5d46c22d87bff9d49018172f5764cb39ebcd228577ad17229a7dc67ee65198
5eed2dca159844eb0260471076b602f572491778e0914b45d97eba85ebb4f668
72e086ecb5eed26e489b633ce3a7a85522747d8583852bf8756e290fec0f3d3b
77f9291def17b8ae239f0f5181ad69a3923dbcc7835ba7aaa4cb1d1cb2142211
7a7abe196a5d8d760adbec74b6dcf7af2f35c91a06b4e033928ee5c03dfb7e9b
8d7529a1f758ae2646b1aca6ebe311413b46ad136268bc8ff2eab695622b1e83
91949d92617c19f399a1726ba3fbb060254c9165f3e8cbc931014f732d0c0222
92595136b2df4f4776832b171be8de1087d17d0f637ca7c4838e354df2eb6a44
9d20a8fc1de189bad815a78bd3a36550412788bc1d8e6f2d7eba6bb18bc901a2
aad3fe663c88bf58fab069ae8320497226b860b1e0b176b21e3c466b702e556b
acdbc62c9bcf84c128b16e78e6fe846591d0f88ce5b5d44903eae8d49faebe51
aeea386e19012a449bd03dd0f29cdf8efde2373bab6b9d07d8bfc6692009bb11
b4328724e9756b93c000c85e7ac6baadc7dff6228406ccc675d2cae92a4cc198
bff274c9a37425256c5eef9791075ccba934922e61acbe80e8bd4f22e0ac1257
d13a52c1806c7ab2e42006fa6f6ce2fa2fdb5ba51b95e300b85afd35edee92e6
d1c2819593de23c2a5128bbf9c346da286f9523cf31aea5c24803b983cc99ac5
d260dec5586aac2de1d81c5dfde69b1f0df60c6626dd77f0b8321b464c622d08
d4fa0ec57e20cf8f0d9e3649a5392512cc2af3af71b78a7d43c4a48206925f28
dbc2e9bc0cdbeeb72e5f6ebda90d34e5e6aec6e90347e4c10fe60a46a3717334
de29fa42fdcdbc32e060d8e033322b3d0151f70e82dd08e8c9c9996e6c343dcb
e269f4a039beda664bcd9294fe3f36f6ebfdf31dc2c02bee383f47ae67003af8
ea2151e29110821afe6033f619a2a9f5159de4e1028b9c4ea4e133953e7b4f70
eaee182f99fdf2d211c29221098ce1d2a326f78ee7126ce481d0c139e91b0d01
eb4d4ab5d5bb9ec797999c3c5280f694599cba6ea652af8ea6feb9c67802594f
ed8909e15e1f2e9d0ba9694bc5bd3cf04f19aa3a40b1f8536ad0f675450b5991
f37573409d9e7abddbbfbb516297cd89d7c0901b2743e23f0a7f91ebeac75c79

www.gdatasoftware.com Open in urlscan Pro 212.23.151.164 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

41 Requests

100 %HTTPS

33 %IPv6

2 Domains

3 Subdomains

4 IPs

1 Countries

1668 kBTransfer

2558 kBSize

2 Cookies

15 Outgoing links

Redirected requests

41 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.gdatasoftware.com Open in urlscan Pro
212.23.151.164 Public Scan

Screenshot
Live screenshot

Full Image

41
Requests

100 %
HTTPS

33 %
IPv6

2
Domains

3
Subdomains

4
IPs

1
Countries

1668 kB
Transfer

2558 kB
Size

2
Cookies

41 HTTP transactions
1 data transactions