www.gdatasoftware.com Open in urlscan Pro
212.23.136.51 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.gdatasoftware.com/blog/strrat-crimson
Submission: On June 21 via api (June 21st 2020, 11:24:31 pm UTC) from DE

Summary HTTP 23 Redirects Links 15 Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 1 domains to perform 23 HTTP transactions. The main IP is 212.23.136.51, located in Herne, Germany and belongs to TMR, DE. The main domain is www.gdatasoftware.com.
TLS certificate: Issued by Sectigo RSA Organization Validation S... on May 19th 2020. Valid for: 2 years.

This is the only time www.gdatasoftware.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
19	212.23.136.51 212.23.136.51	12329 (TMR) (TMR)
4	85.25.214.59 85.25.214.59	8972 (GD-EMEA-D...) (GD-EMEA-DC-SXB1)
23	2

19 212.23.136.51 (Herne, Germany)

ASN12329 (TMR, DE)

www.gdatasoftware.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 85.25.214.59 (Germany)

ASN8972 (GD-EMEA-DC-SXB1, DE)
PTR: malta1055.startdedicated.com

file.gdatasoftware.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
23	gdatasoftware.com www.gdatasoftware.com file.gdatasoftware.com	785 KB
23	1

	Domain	Requested by
19	www.gdatasoftware.com	www.gdatasoftware.com
4	file.gdatasoftware.com	www.gdatasoftware.com
23	2

This site contains links to these domains. Also see Links.

Domain
www.gdata.de
feeds.feedblitz.com
malwaretips.com
support.microsoft.com
github.com
twitter.com
www.xing.com
www.linkedin.com
www.facebook.com
www.youtube.com

Subject Issuer	Validity	Valid
*.gdatasoftware.com Sectigo RSA Organization Validation Secure Server CA	`2020-05-19` - `2022-08-17`	2 years	crt.sh

This page contains 1 frames:

Primary Page: https://www.gdatasoftware.com/blog/strrat-crimson
Frame ID: CE35242AA328C777738207E8747BF662
Requests: 23 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

TYPO3 CMS (CMS) Expand

Overall confidence: 100%
Detected patterns

meta generator /TYPO3\s+(?:CMS\s+)?([\d.]+)?(?:\s+CMS)?/i

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

meta generator /TYPO3\s+(?:CMS\s+)?([\d.]+)?(?:\s+CMS)?/i

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i

Page Statistics

23
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

2
Subdomains

2
IPs

1
Countries

785 kB
Transfer

1208 kB
Size

0
Cookies

15 Outgoing links

These are links going to different origins than the main page.

URL: https://www.gdata.de/blog
Title:

Search URL Search Domain Scan URL

URL: https://feeds.feedblitz.com/GDataSecurityBlog-EN&x=1
Title:

Search URL Search Domain Scan URL

URL: https://malwaretips.com/
Title: MalwareTips.com

Search URL Search Domain Scan URL

URL: https://malwaretips.com/members/upnorth.38832/
Title: upnorth

Search URL Search Domain Scan URL

URL: https://support.microsoft.com/en-us/help/829982/outlook-blocked-access-to-the-following-potentially-unsafe-attachments
Title: registry hack

Search URL Search Domain Scan URL

URL: https://github.com/kristian/system-hook
Title: GitHub repository by user kristian

Search URL Search Domain Scan URL

URL: https://github.com/java-deobfuscator/deobfuscator
Title: 'Deobfuscator' by Github user 'Java Deobfuscator'

Search URL Search Domain Scan URL

URL: https://github.com/stascorp/rdpwrap
Title: RDWrap

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?text=New%20Java%20STRRAT%20ships%20with%20.crimson%20ransomware%20module%20%7C%20G%20DATA&url=https%3A%2F%2Fwww.gdatasoftware.com%2Fblog%2Fstrrat-crimson&via=GDATA
Title: tweet

Search URL Search Domain Scan URL

URL: https://www.xing.com/social_plugins/share?url=https%3A%2F%2Fwww.gdatasoftware.com%2Fblog%2Fstrrat-crimson
Title: share

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/shareArticle?mini=true&summary=This%20Java%20based%20malware%20installs%20RDPWrap%2C%20steals%20credentials%2C%20logs%20keystrokes%20and%20remote%20controls%20Windows%20systems.%20It%20may%20soon%20be%20capable%20to%20infect%20without%20Java%20installed.&title=New%20Java%20STRRAT%20ships%20with%20.crimson%20ransomware%20module%20%7C%20G%20DATA&url=https%3A%2F%2Fwww.gdatasoftware.com%2Fblog%2Fstrrat-crimson
Title: share

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww.gdatasoftware.com%2Fblog%2Fstrrat-crimson
Title: share

Search URL Search Domain Scan URL

URL: https://www.facebook.com/gdatasoftwareag

Search URL Search Domain Scan URL

URL: https://twitter.com/GDATA

Search URL Search Domain Scan URL

URL: https://www.youtube.com/user/GDataSoftwareAG

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

23 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request strrat-crimson Show response
www.gdatasoftware.com/blog/ 44 KB
13 KB 147ms
64ms Document
text/html 212.23.136.51
TMR

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gdatasoftware.com/blog/strrat-crimson

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

212.23.136.51 Herne, Germany, ASN12329 (TMR, DE),

Reverse DNS

Software

nginx / PHP/7.2.19

Resource Hash

2d51b51b111cb7879074cd15dbcae096d7e2419ca8028da39ee480bcd88aa8c9

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .gdatasoftware.com .gdata.de;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Host: www.gdatasoftware.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Server: nginx
Date: Sun, 21 Jun 2020 23:24:13 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding Accept-Encoding
X-Powered-By: PHP/7.2.19
X-CacheTags: |pageId_36138|
X-T3CacheInfo: cacheContentFlag,loginAllowedInBranch,staticCacheable,ClientCache,not_loggedin
X-T3Cache: 1
Content-Language: en
Expires: Sat, 04 Jul 2020 22:00:00 GMT
ETag: W/"65e1d2dc4892d6b5859d00e9aa3c7e85"
Cache-Control: max-age: 43200
Pragma: public
GD_COUNTRY_CODE: PT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: frame-ancestors 'self' *.gdatasoftware.com *.gdata.de;
X-Xss-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer-when-downgrade
Content-Encoding: gzip

GET
H/1.1 200
OK vhs-assets-5b9de08ed4381d6d419362e5ce725858.css
www.gdatasoftware.com/typo3temp/assets/ 185 KB
35 KB 54ms
54ms Stylesheet
text/css 212.23.136.51
TMR

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gdatasoftware.com/typo3temp/assets/vhs-assets-5b9de08ed4381d6d419362e5ce725858.css?1592723033

Requested by

Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/blog/strrat-crimson

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

212.23.136.51 Herne, Germany, ASN12329 (TMR, DE),

Reverse DNS

Software

nginx /

Resource Hash

908b9ff9b4bb7b52922190a2afc3f53e65f7db996573b5f980fcc3e4da3aef19

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .gdatasoftware.com .gdata.de;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.gdatasoftware.com/blog/strrat-crimson
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Sun, 21 Jun 2020 23:24:13 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Transfer-Encoding: chunked
Connection: keep-alive
X-Xss-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Sun, 21 Jun 2020 07:03:53 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN
ETag: W/"5eef0659-2e35f"
Vary: Accept-Encoding, Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: text/css
Cache-Control: max-age=43200
Content-Security-Policy: frame-ancestors 'self' *.gdatasoftware.com *.gdata.de;
Expires: Mon, 22 Jun 2020 11:24:13 GMT

GET
H/1.1 200
OK vhs-assets-1b134abf3ac2eb960301b83b9d6c2ff4.js Show response
www.gdatasoftware.com/typo3temp/assets/ 109 KB
39 KB 122ms
48ms Script
application/javascript 212.23.136.51
TMR

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gdatasoftware.com/typo3temp/assets/vhs-assets-1b134abf3ac2eb960301b83b9d6c2ff4.js?1592765143

Requested by

Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/blog/strrat-crimson

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

212.23.136.51 Herne, Germany, ASN12329 (TMR, DE),

Reverse DNS

Software

nginx /

Resource Hash

31b756baa153afb74c47c789fce3137d48b664be8256c7439bbada18db3ed55a

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .gdatasoftware.com .gdata.de;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.gdatasoftware.com/blog/strrat-crimson
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Sun, 21 Jun 2020 23:24:13 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Transfer-Encoding: chunked
Connection: keep-alive
X-Xss-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Sun, 21 Jun 2020 18:55:41 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN
ETag: W/"5eefad2d-1b434"
Vary: Accept-Encoding, Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: application/javascript
Cache-Control: max-age=43200
Content-Security-Policy: frame-ancestors 'self' *.gdatasoftware.com *.gdata.de;
Expires: Mon, 22 Jun 2020 11:24:13 GMT

GET
H/1.1 200
OK logo_claim_white.png
www.gdatasoftware.com/typo3conf/ext/gd_sites/Resources/Public/Images/ 3 KB
3 KB 38ms
38ms Image
image/png 212.23.136.51
TMR

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gdatasoftware.com/typo3conf/ext/gd_sites/Resources/Public/Images/logo_claim_white.png

Requested by

Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/blog/strrat-crimson

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

212.23.136.51 Herne, Germany, ASN12329 (TMR, DE),

Reverse DNS

Software

nginx /

Resource Hash

211965735fd707f91c38ac8508801e7fd74a7b54662282fdf6b76aedcebeed40

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .gdatasoftware.com .gdata.de;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.gdatasoftware.com/blog/strrat-crimson
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Sun, 21 Jun 2020 23:24:13 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 2583
X-Xss-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Thu, 28 May 2020 14:48:48 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN
ETag: "5ecfcf50-a17"
Vary: Accept-Encoding
Content-Type: image/png
Cache-Control: max-age=3628800
Content-Security-Policy: frame-ancestors 'self' *.gdatasoftware.com *.gdata.de;
Accept-Ranges: bytes
Expires: Sun, 02 Aug 2020 23:24:13 GMT

GET
H/1.1 200
OK DE.svg
www.gdatasoftware.com/typo3conf/ext/gd_sites/Resources/Public/Images/Flags/ 966 B
1 KB 47ms
45ms Image
image/svg+xml 212.23.136.51
TMR

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gdatasoftware.com/typo3conf/ext/gd_sites/Resources/Public/Images/Flags/DE.svg

Requested by

Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/blog/strrat-crimson

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

212.23.136.51 Herne, Germany, ASN12329 (TMR, DE),

Reverse DNS

Software

nginx /

Resource Hash

19d66a51d12c87c2c254f61d3dc66f4765bc852b03138e4b38ed5fbc3dd01d19

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .gdatasoftware.com .gdata.de;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.gdatasoftware.com/blog/strrat-crimson
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Sun, 21 Jun 2020 23:24:13 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Transfer-Encoding: chunked
Connection: keep-alive
X-Xss-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Thu, 28 May 2020 14:48:48 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN
ETag: W/"5ecfcf50-3c6"
Vary: Accept-Encoding, Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/svg+xml
Cache-Control: max-age=3628800
Content-Security-Policy: frame-ancestors 'self' *.gdatasoftware.com *.gdata.de;
Expires: Sun, 02 Aug 2020 23:24:13 GMT

GET
H/1.1 200
OK JavaRAT_infectionchain2.png
www.gdatasoftware.com/fileadmin/user_upload/Presse/Deutschland/2020/06/ 65 KB
65 KB 50ms
40ms Image
image/png 212.23.136.51
TMR

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gdatasoftware.com/fileadmin/user_upload/Presse/Deutschland/2020/06/JavaRAT_infectionchain2.png

Requested by

Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/blog/strrat-crimson

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

212.23.136.51 Herne, Germany, ASN12329 (TMR, DE),

Reverse DNS

Software

nginx /

Resource Hash

bb505ed0870bca31667518320fa5e1a0b90eaa935d41471a74924a9f5f888107

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .gdatasoftware.com .gdata.de;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.gdatasoftware.com/blog/strrat-crimson
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Sun, 21 Jun 2020 23:24:13 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 66056
X-Xss-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Wed, 17 Jun 2020 07:08:25 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN
ETag: "5ee9c169-10208"
Vary: Accept-Encoding
Content-Type: image/png
Cache-Control: max-age=3628800
Content-Security-Policy: frame-ancestors 'self' *.gdatasoftware.com *.gdata.de;
Accept-Ranges: bytes
Expires: Sun, 02 Aug 2020 23:24:13 GMT

GET
H/1.1 200
OK JavaRAT_emailcontent.png
www.gdatasoftware.com/fileadmin/user_upload/Presse/Deutschland/2020/06/ 45 KB
45 KB 59ms
40ms Image
image/png 212.23.136.51
TMR

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gdatasoftware.com/fileadmin/user_upload/Presse/Deutschland/2020/06/JavaRAT_emailcontent.png

Requested by

Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/blog/strrat-crimson

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

212.23.136.51 Herne, Germany, ASN12329 (TMR, DE),

Reverse DNS

Software

nginx /

Resource Hash

444ff278015ae2f0277667488104bf4ed9df01a2bcfac669852f895922cd4b6c

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .gdatasoftware.com .gdata.de;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.gdatasoftware.com/blog/strrat-crimson
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Sun, 21 Jun 2020 23:24:13 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 45856
X-Xss-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Tue, 16 Jun 2020 11:55:30 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN
ETag: "5ee8b332-b320"
Vary: Accept-Encoding
Content-Type: image/png
Cache-Control: max-age=3628800
Content-Security-Policy: frame-ancestors 'self' *.gdatasoftware.com *.gdata.de;
Accept-Ranges: bytes
Expires: Sun, 02 Aug 2020 23:24:13 GMT

GET
H/1.1 200
OK JavaRAT_VBSLoaderJar.png
www.gdatasoftware.com/fileadmin/user_upload/Presse/Deutschland/2020/06/ 48 KB
48 KB 109ms
62ms Image
image/png 212.23.136.51
TMR

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gdatasoftware.com/fileadmin/user_upload/Presse/Deutschland/2020/06/JavaRAT_VBSLoaderJar.png

Requested by

Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/blog/strrat-crimson

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

212.23.136.51 Herne, Germany, ASN12329 (TMR, DE),

Reverse DNS

Software

nginx /

Resource Hash

4e8dcfa9166e63f3f18d59193dd7aba097d688d4cb417e33aab4e589ceb63aa4

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .gdatasoftware.com .gdata.de;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.gdatasoftware.com/blog/strrat-crimson
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Sun, 21 Jun 2020 23:24:13 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 48928
X-Xss-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Tue, 16 Jun 2020 11:55:31 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN
ETag: "5ee8b333-bf20"
Vary: Accept-Encoding
Content-Type: image/png
Cache-Control: max-age=3628800
Content-Security-Policy: frame-ancestors 'self' *.gdatasoftware.com *.gdata.de;
Accept-Ranges: bytes
Expires: Sun, 02 Aug 2020 23:24:13 GMT

GET
H/1.1 200
OK JavaRAT_DownloadJRE.png
www.gdatasoftware.com/fileadmin/user_upload/Presse/Deutschland/2020/06/ 36 KB
37 KB 93ms
39ms Image
image/png 212.23.136.51
TMR

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gdatasoftware.com/fileadmin/user_upload/Presse/Deutschland/2020/06/JavaRAT_DownloadJRE.png

Requested by

Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/blog/strrat-crimson

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

212.23.136.51 Herne, Germany, ASN12329 (TMR, DE),

Reverse DNS

Software

nginx /

Resource Hash

5d2ac852c1201aaa87c9f23461868b83578d9bee21a355f15ff6512dbc8b7bba

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .gdatasoftware.com .gdata.de;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.gdatasoftware.com/blog/strrat-crimson
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Sun, 21 Jun 2020 23:24:13 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 37236
X-Xss-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Tue, 16 Jun 2020 11:55:32 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN
ETag: "5ee8b334-9174"
Vary: Accept-Encoding
Content-Type: image/png
Cache-Control: max-age=3628800
Content-Security-Policy: frame-ancestors 'self' *.gdatasoftware.com *.gdata.de;
Accept-Ranges: bytes
Expires: Sun, 02 Aug 2020 23:24:13 GMT

GET
H/1.1 200
OK JavaRAT_Allatori.png
www.gdatasoftware.com/fileadmin/user_upload/Presse/Deutschland/2020/06/ 29 KB
29 KB 119ms
61ms Image
image/png 212.23.136.51
TMR

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gdatasoftware.com/fileadmin/user_upload/Presse/Deutschland/2020/06/JavaRAT_Allatori.png

Requested by

Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/blog/strrat-crimson

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

212.23.136.51 Herne, Germany, ASN12329 (TMR, DE),

Reverse DNS

Software

nginx /

Resource Hash

fd3f4f83bc4fa852e79e308e1d5d4ebda0e6b2b8e8b66e234b3383506f221a64

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .gdatasoftware.com .gdata.de;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.gdatasoftware.com/blog/strrat-crimson
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Sun, 21 Jun 2020 23:24:13 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 29381
X-Xss-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Tue, 16 Jun 2020 11:55:33 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN
ETag: "5ee8b335-72c5"
Vary: Accept-Encoding
Content-Type: image/png
Cache-Control: max-age=3628800
Content-Security-Policy: frame-ancestors 'self' *.gdatasoftware.com *.gdata.de;
Accept-Ranges: bytes
Expires: Sun, 02 Aug 2020 23:24:13 GMT

GET
H/1.1 200
OK JavaRAT_Name.png
www.gdatasoftware.com/fileadmin/user_upload/Presse/Deutschland/2020/06/ 27 KB
27 KB 92ms
63ms Image
image/png 212.23.136.51
TMR

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gdatasoftware.com/fileadmin/user_upload/Presse/Deutschland/2020/06/JavaRAT_Name.png

Requested by

Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/blog/strrat-crimson

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

212.23.136.51 Herne, Germany, ASN12329 (TMR, DE),

Reverse DNS

Software

nginx /

Resource Hash

a6bf178e51554ae39d5f5b281591e2a7a808a6e41a9ad2f5dd059b96486a62b7

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .gdatasoftware.com .gdata.de;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.gdatasoftware.com/blog/strrat-crimson
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Sun, 21 Jun 2020 23:24:13 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 27160
X-Xss-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Tue, 16 Jun 2020 11:55:34 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN
ETag: "5ee8b336-6a18"
Vary: Accept-Encoding
Content-Type: image/png
Cache-Control: max-age=3628800
Content-Security-Policy: frame-ancestors 'self' *.gdatasoftware.com *.gdata.de;
Accept-Ranges: bytes
Expires: Sun, 02 Aug 2020 23:24:13 GMT

GET
H/1.1 200
OK JavaRAT_Config.png
www.gdatasoftware.com/fileadmin/user_upload/Presse/Deutschland/2020/06/ 5 KB
6 KB 54ms
40ms Image
image/png 212.23.136.51
TMR

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gdatasoftware.com/fileadmin/user_upload/Presse/Deutschland/2020/06/JavaRAT_Config.png

Requested by

Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/blog/strrat-crimson

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

212.23.136.51 Herne, Germany, ASN12329 (TMR, DE),

Reverse DNS

Software

nginx /

Resource Hash

68b938458c85a862ef7567bfaaa03f3827f55e847f39b4b49c2a85239f6d9397

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .gdatasoftware.com .gdata.de;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.gdatasoftware.com/blog/strrat-crimson
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Sun, 21 Jun 2020 23:24:13 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 5224
X-Xss-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Tue, 16 Jun 2020 11:55:36 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN
ETag: "5ee8b338-1468"
Vary: Accept-Encoding
Content-Type: image/png
Cache-Control: max-age=3628800
Content-Security-Policy: frame-ancestors 'self' *.gdatasoftware.com *.gdata.de;
Accept-Ranges: bytes
Expires: Sun, 02 Aug 2020 23:24:13 GMT

GET
H/1.1 200
OK JavaRAT_RW.png
www.gdatasoftware.com/fileadmin/user_upload/Presse/Deutschland/2020/06/ 27 KB
28 KB 41ms
40ms Image
image/png 212.23.136.51
TMR

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gdatasoftware.com/fileadmin/user_upload/Presse/Deutschland/2020/06/JavaRAT_RW.png

Requested by

Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/blog/strrat-crimson

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

212.23.136.51 Herne, Germany, ASN12329 (TMR, DE),

Reverse DNS

Software

nginx /

Resource Hash

3c41425b91bffa80a86b56f0dcc1555a416232aa921a03ddcf5367c623f38532

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .gdatasoftware.com .gdata.de;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.gdatasoftware.com/blog/strrat-crimson
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Sun, 21 Jun 2020 23:24:13 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 27906
X-Xss-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Tue, 16 Jun 2020 11:55:37 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN
ETag: "5ee8b339-6d02"
Vary: Accept-Encoding
Content-Type: image/png
Cache-Control: max-age=3628800
Content-Security-Policy: frame-ancestors 'self' *.gdatasoftware.com *.gdata.de;
Accept-Ranges: bytes
Expires: Sun, 02 Aug 2020 23:24:13 GMT

GET
H/1.1 200
OK hahn_karsten_7c2341c8d2.jpg
www.gdatasoftware.com/fileadmin/_processed_/0/d/ 4 KB
4 KB 41ms
38ms Image
image/jpeg 212.23.136.51
TMR

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gdatasoftware.com/fileadmin/_processed_/0/d/hahn_karsten_7c2341c8d2.jpg

Requested by

Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/blog/strrat-crimson

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

212.23.136.51 Herne, Germany, ASN12329 (TMR, DE),

Reverse DNS

Software

nginx /

Resource Hash

ed6adae660bb866303826f11fbd012548ad51f7373d4060ebb3d695b9e5df2db

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .gdatasoftware.com .gdata.de;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.gdatasoftware.com/blog/strrat-crimson
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Sun, 21 Jun 2020 23:24:13 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 3981
X-Xss-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Thu, 04 Jul 2019 10:22:23 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN
ETag: "5d1dd35f-f8d"
Vary: Accept-Encoding
Content-Type: image/jpeg
Cache-Control: max-age=3628800
Content-Security-Policy: frame-ancestors 'self' *.gdatasoftware.com *.gdata.de;
Accept-Ranges: bytes
Expires: Sun, 02 Aug 2020 23:24:13 GMT

GET
H/1.1 200
OK G_DATA_Blog_Excel_Rat_Preview_38738d1d37.jpg
www.gdatasoftware.com/fileadmin/_processed_/3/d/ 5 KB
5 KB 39ms
39ms Image
image/jpeg 212.23.136.51
TMR

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gdatasoftware.com/fileadmin/_processed_/3/d/G_DATA_Blog_Excel_Rat_Preview_38738d1d37.jpg

Requested by

Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/blog/strrat-crimson

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

212.23.136.51 Herne, Germany, ASN12329 (TMR, DE),

Reverse DNS

Software

nginx /

Resource Hash

b681e17accabcb8f0ca4b1c8e91c17c1e15ce661b7346d415d78dc9184cda201

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .gdatasoftware.com .gdata.de;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.gdatasoftware.com/blog/strrat-crimson
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Sun, 21 Jun 2020 23:24:13 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 4799
X-Xss-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Tue, 16 Jun 2020 11:55:48 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN
ETag: "5ee8b344-12bf"
Vary: Accept-Encoding
Content-Type: image/jpeg
Cache-Control: max-age=3628800
Content-Security-Policy: frame-ancestors 'self' *.gdatasoftware.com *.gdata.de;
Accept-Ranges: bytes
Expires: Sun, 02 Aug 2020 23:24:13 GMT

GET
H/1.1 200
OK PeKraut_3_Preview_7f51253302.jpg
www.gdatasoftware.com/fileadmin/_processed_/e/9/ 4 KB
5 KB 40ms
39ms Image
image/jpeg 212.23.136.51
TMR

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gdatasoftware.com/fileadmin/_processed_/e/9/PeKraut_3_Preview_7f51253302.jpg

Requested by

Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/blog/strrat-crimson

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

212.23.136.51 Herne, Germany, ASN12329 (TMR, DE),

Reverse DNS

Software

nginx /

Resource Hash

4736cf6b0c0fed3e8956f632576af1d5e3e7feb448f4bea01af45aa9d15412cd

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .gdatasoftware.com .gdata.de;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.gdatasoftware.com/blog/strrat-crimson
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Sun, 21 Jun 2020 23:24:13 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 4248
X-Xss-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Tue, 16 Jun 2020 11:55:49 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN
ETag: "5ee8b345-1098"
Vary: Accept-Encoding
Content-Type: image/jpeg
Cache-Control: max-age=3628800
Content-Security-Policy: frame-ancestors 'self' *.gdatasoftware.com *.gdata.de;
Accept-Ranges: bytes
Expires: Sun, 02 Aug 2020 23:24:13 GMT

GET
H/1.1 200
OK logo_claim_2016_white.png
www.gdatasoftware.com/typo3conf/ext/gd_sites/Resources/Public/Images/ 4 KB
4 KB 39ms
39ms Image
image/png 212.23.136.51
TMR

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gdatasoftware.com/typo3conf/ext/gd_sites/Resources/Public/Images/logo_claim_2016_white.png

Requested by

Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/blog/strrat-crimson

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

212.23.136.51 Herne, Germany, ASN12329 (TMR, DE),

Reverse DNS

Software

nginx /

Resource Hash

7c657d342491cefb26c956267727635a22e3e85fb12dd8f525e811ec000e658f

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .gdatasoftware.com .gdata.de;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.gdatasoftware.com/blog/strrat-crimson
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Sun, 21 Jun 2020 23:24:13 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 3871
X-Xss-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Thu, 28 May 2020 14:48:48 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN
ETag: "5ecfcf50-f1f"
Vary: Accept-Encoding
Content-Type: image/png
Cache-Control: max-age=3628800
Content-Security-Policy: frame-ancestors 'self' *.gdatasoftware.com *.gdata.de;
Accept-Ranges: bytes
Expires: Sun, 02 Aug 2020 23:24:13 GMT

GET
H/1.1 200
OK vhs-assets-72fbd3c3fac64cddf69a69a19bc35c07.js Show response
www.gdatasoftware.com/typo3temp/assets/ 263 KB
81 KB 73ms
71ms Script
application/javascript 212.23.136.51
TMR

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gdatasoftware.com/typo3temp/assets/vhs-assets-72fbd3c3fac64cddf69a69a19bc35c07.js?1592723033

Requested by

Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/blog/strrat-crimson

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

212.23.136.51 Herne, Germany, ASN12329 (TMR, DE),

Reverse DNS

Software

nginx /

Resource Hash

177580aa30b235dca3ac62395d5f584438e023d1b160584b6960be3b6c3e610f

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .gdatasoftware.com .gdata.de;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.gdatasoftware.com/blog/strrat-crimson
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Sun, 21 Jun 2020 23:24:13 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Transfer-Encoding: chunked
Connection: keep-alive
X-Xss-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Sun, 21 Jun 2020 07:03:53 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN
ETag: W/"5eef0659-41aaa"
Vary: Accept-Encoding, Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: application/javascript
Cache-Control: max-age=43200
Content-Security-Policy: frame-ancestors 'self' *.gdatasoftware.com *.gdata.de;
Expires: Mon, 22 Jun 2020 11:24:13 GMT

GET
H/1.1 200
OK G_DATA_Blog_JavaSTRRAT_header.jpg
www.gdatasoftware.com/fileadmin/web/general/images/blog/2020/06_2020/ 184 KB
184 KB 78ms
61ms Image
image/jpeg 212.23.136.51
TMR

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gdatasoftware.com/fileadmin/web/general/images/blog/2020/06_2020/G_DATA_Blog_JavaSTRRAT_header.jpg

Requested by

Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/blog/strrat-crimson

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

212.23.136.51 Herne, Germany, ASN12329 (TMR, DE),

Reverse DNS

Software

nginx /

Resource Hash

ceb753f0a7858f43ac79073005a90e8bc2c253c273db7ad7b5e2d2f5248990ef

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .gdatasoftware.com .gdata.de;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.gdatasoftware.com/blog/strrat-crimson
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Sun, 21 Jun 2020 23:24:13 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 188215
X-Xss-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Tue, 16 Jun 2020 11:55:38 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN
ETag: "5ee8b33a-2df37"
Vary: Accept-Encoding
Content-Type: image/jpeg
Cache-Control: max-age=3628800
Content-Security-Policy: frame-ancestors 'self' *.gdatasoftware.com *.gdata.de;
Accept-Ranges: bytes
Expires: Sun, 02 Aug 2020 23:24:13 GMT

GET
H/1.1 200
OK source-sans-pro-v13-latin-ext_latin-regular.woff2
file.gdatasoftware.com/s/font/source-sans-pro/ 25 KB
25 KB 116ms
32ms Font
application/octet-stream 85.25.214.59
GD-EMEA-DC-SXB1

General

Check archive.org

Show headers Download Go to

Full URL: https://file.gdatasoftware.com/s/font/source-sans-pro/source-sans-pro-v13-latin-ext_latin-regular.woff2
Requested by: Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/blog/strrat-crimson
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 85.25.214.59 , Germany, ASN8972 (GD-EMEA-DC-SXB1, DE),
Reverse DNS: malta1055.startdedicated.com
Software: nginx /
Resource Hash: 72e086ecb5eed26e489b633ce3a7a85522747d8583852bf8756e290fec0f3d3b

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.gdatasoftware.com/typo3temp/assets/vhs-assets-5b9de08ed4381d6d419362e5ce725858.css?1592723033
Origin: https://www.gdatasoftware.com

Response headers

Date: Sun, 21 Jun 2020 23:24:13 GMT
Last-Modified: Fri, 02 Aug 2019 05:16:52 GMT
Server: nginx
Content-Type: application/octet-stream
Access-Control-Allow-Origin: *
Cache-Control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 25656
Expires: Sun, 28 Jun 2020 23:24:13 GMT

GET
H/1.1 200
OK gcon1-987.woff2
file.gdatasoftware.com/s/font/ 48 KB
48 KB 121ms
33ms Font
application/octet-stream 85.25.214.59
GD-EMEA-DC-SXB1

General

Check archive.org

Show headers Download Go to

Full URL: https://file.gdatasoftware.com/s/font/gcon1-987.woff2?pepnum
Requested by: Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/blog/strrat-crimson
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 85.25.214.59 , Germany, ASN8972 (GD-EMEA-DC-SXB1, DE),
Reverse DNS: malta1055.startdedicated.com
Software: nginx /
Resource Hash: d0c5a6534958bc852df12cb43c61762fc486baa3b9a23b5aa253c3caac667be6

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.gdatasoftware.com/typo3temp/assets/vhs-assets-5b9de08ed4381d6d419362e5ce725858.css?1592723033
Origin: https://www.gdatasoftware.com

Response headers

Date: Sun, 21 Jun 2020 23:24:13 GMT
Last-Modified: Thu, 07 May 2020 06:51:06 GMT
Server: nginx
Content-Type: application/octet-stream
Access-Control-Allow-Origin: *
Cache-Control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 49180
Expires: Sun, 28 Jun 2020 23:24:13 GMT

GET
H/1.1 200
OK source-sans-pro-v13-latin-ext_latin-300.woff2
file.gdatasoftware.com/s/font/source-sans-pro/ 25 KB
25 KB 122ms
32ms Font
application/octet-stream 85.25.214.59
GD-EMEA-DC-SXB1

General

Check archive.org

Show headers Download Go to

Full URL: https://file.gdatasoftware.com/s/font/source-sans-pro/source-sans-pro-v13-latin-ext_latin-300.woff2
Requested by: Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/blog/strrat-crimson
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 85.25.214.59 , Germany, ASN8972 (GD-EMEA-DC-SXB1, DE),
Reverse DNS: malta1055.startdedicated.com
Software: nginx /
Resource Hash: 9d20a8fc1de189bad815a78bd3a36550412788bc1d8e6f2d7eba6bb18bc901a2

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.gdatasoftware.com/typo3temp/assets/vhs-assets-5b9de08ed4381d6d419362e5ce725858.css?1592723033
Origin: https://www.gdatasoftware.com

Response headers

Date: Sun, 21 Jun 2020 23:24:13 GMT
Last-Modified: Fri, 02 Aug 2019 05:16:52 GMT
Server: nginx
Content-Type: application/octet-stream
Access-Control-Allow-Origin: *
Cache-Control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 25716
Expires: Sun, 28 Jun 2020 23:24:13 GMT

GET
H/1.1 200
OK source-sans-pro-v13-latin-ext_latin-600.woff2
file.gdatasoftware.com/s/font/source-sans-pro/ 25 KB
25 KB 122ms
32ms Font
application/octet-stream 85.25.214.59
GD-EMEA-DC-SXB1

General

Check archive.org

Show headers Download Go to

Full URL: https://file.gdatasoftware.com/s/font/source-sans-pro/source-sans-pro-v13-latin-ext_latin-600.woff2
Requested by: Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/blog/strrat-crimson
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 85.25.214.59 , Germany, ASN8972 (GD-EMEA-DC-SXB1, DE),
Reverse DNS: malta1055.startdedicated.com
Software: nginx /
Resource Hash: 5b7ade4116e14b315421eb6e4eeabbf1a1c7301a575ee1311fb1659eaaecd6f4

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.gdatasoftware.com/typo3temp/assets/vhs-assets-5b9de08ed4381d6d419362e5ce725858.css?1592723033
Origin: https://www.gdatasoftware.com

Response headers

Date: Sun, 21 Jun 2020 23:24:13 GMT
Last-Modified: Fri, 02 Aug 2019 05:16:52 GMT
Server: nginx
Content-Type: application/octet-stream
Access-Control-Allow-Origin: *
Cache-Control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 25520
Expires: Sun, 28 Jun 2020 23:24:13 GMT

Verdicts & Comments Add Verdict or Comment

27 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	frame-ancestors 'self' .gdatasoftware.com .gdata.de;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

file.gdatasoftware.com
www.gdatasoftware.com
212.23.136.51
85.25.214.59
177580aa30b235dca3ac62395d5f584438e023d1b160584b6960be3b6c3e610f
19d66a51d12c87c2c254f61d3dc66f4765bc852b03138e4b38ed5fbc3dd01d19
211965735fd707f91c38ac8508801e7fd74a7b54662282fdf6b76aedcebeed40
2d51b51b111cb7879074cd15dbcae096d7e2419ca8028da39ee480bcd88aa8c9
31b756baa153afb74c47c789fce3137d48b664be8256c7439bbada18db3ed55a
3c41425b91bffa80a86b56f0dcc1555a416232aa921a03ddcf5367c623f38532
444ff278015ae2f0277667488104bf4ed9df01a2bcfac669852f895922cd4b6c
4736cf6b0c0fed3e8956f632576af1d5e3e7feb448f4bea01af45aa9d15412cd
4e8dcfa9166e63f3f18d59193dd7aba097d688d4cb417e33aab4e589ceb63aa4
5b7ade4116e14b315421eb6e4eeabbf1a1c7301a575ee1311fb1659eaaecd6f4
5d2ac852c1201aaa87c9f23461868b83578d9bee21a355f15ff6512dbc8b7bba
68b938458c85a862ef7567bfaaa03f3827f55e847f39b4b49c2a85239f6d9397
72e086ecb5eed26e489b633ce3a7a85522747d8583852bf8756e290fec0f3d3b
7c657d342491cefb26c956267727635a22e3e85fb12dd8f525e811ec000e658f
908b9ff9b4bb7b52922190a2afc3f53e65f7db996573b5f980fcc3e4da3aef19
9d20a8fc1de189bad815a78bd3a36550412788bc1d8e6f2d7eba6bb18bc901a2
a6bf178e51554ae39d5f5b281591e2a7a808a6e41a9ad2f5dd059b96486a62b7
b681e17accabcb8f0ca4b1c8e91c17c1e15ce661b7346d415d78dc9184cda201
bb505ed0870bca31667518320fa5e1a0b90eaa935d41471a74924a9f5f888107
ceb753f0a7858f43ac79073005a90e8bc2c253c273db7ad7b5e2d2f5248990ef
d0c5a6534958bc852df12cb43c61762fc486baa3b9a23b5aa253c3caac667be6
ed6adae660bb866303826f11fbd012548ad51f7373d4060ebb3d695b9e5df2db
fd3f4f83bc4fa852e79e308e1d5d4ebda0e6b2b8e8b66e234b3383506f221a64

www.gdatasoftware.com Open in urlscan Pro 212.23.136.51 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

23 Requests

100 %HTTPS

0 %IPv6

1 Domains

2 Subdomains

2 IPs

1 Countries

785 kBTransfer

1208 kBSize

0 Cookies

15 Outgoing links

Redirected requests

23 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

27 JavaScript Global Variables

0 Cookies

Security Headers

Indicators

www.gdatasoftware.com Open in urlscan Pro
212.23.136.51 Public Scan

Screenshot
Live screenshot

Full Image

23
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

2
Subdomains

2
IPs

1
Countries

785 kB
Transfer

1208 kB
Size

0
Cookies

23 HTTP transactions
0 data transactions