URL: https://www.gdatasoftware.com/blog/strrat-crimson
Submission: On June 21 via api from DE

Summary

This website contacted 2 IPs in 1 country across 1 domain to perform 23 HTTP transactions. The main IP is 212.23.136.51, located in Herne, Germany, and belongs to TMR, DE. The main domain is www.gdatasoftware.com.
TLS certificate: Issued by Sectigo RSA Organization Validation S... on May 19th 2020. Valid for: 2 years.
This is the only time www.gdatasoftware.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Requests  IP Address      AS     Autonomous System
19        212.23.136.51   12329  (TMR)
4         85.25.214.59    8972   (GD-EMEA-D...)
23        (2 IPs total)

Requests  Apex Domain         Subdomains               Transfer
23        gdatasoftware.com   www.gdatasoftware.com    785 KB
                              file.gdatasoftware.com
23        (1 apex domain total)

Requests  Domain                   Requested by
19        www.gdatasoftware.com    www.gdatasoftware.com
4         file.gdatasoftware.com   www.gdatasoftware.com
23        (2 domains total)

Subject               Issuer                                                 Validity                  Valid
*.gdatasoftware.com   Sectigo RSA Organization Validation Secure Server CA   2020-05-19 - 2022-08-17   2 years (crt.sh)

This page contains 1 frames:

Primary Page: https://www.gdatasoftware.com/blog/strrat-crimson
Frame ID: 3600DA33D787E5CFAB8FAE260D027E8E
Requests: 23 HTTP requests in this frame

Screenshot


Detected technologies

Overall confidence: 100%
Detected patterns
  • meta generator /TYPO3\s+(?:CMS\s+)?([\d.]+)?(?:\s+CMS)?/i

Overall confidence: 100%
Detected patterns
  • headers server /nginx(?:\/([\d.]+))?/i

Overall confidence: 100%
Detected patterns
  • html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i

Page Statistics

Requests:    23
HTTPS:       100 %
IPv6:        0 %
Domains:     1
Subdomains:  2
IPs:         2
Countries:   1
Transfer:    785 kB
Size:        1208 kB
Cookies:     0

23 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request strrat-crimson
www.gdatasoftware.com/blog/
44 KB
13 KB
Document
General
Full URL
https://www.gdatasoftware.com/blog/strrat-crimson
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
212.23.136.51 Herne, Germany, ASN12329 (TMR, DE),
Reverse DNS
Software
nginx / PHP/7.2.19
Resource Hash
2d51b51b111cb7879074cd15dbcae096d7e2419ca8028da39ee480bcd88aa8c9
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' *.gdatasoftware.com *.gdata.de;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Host
www.gdatasoftware.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
none
Sec-Fetch-Mode
navigate
Sec-Fetch-User
?1
Sec-Fetch-Dest
document
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Server
nginx
Date
Sun, 21 Jun 2020 23:31:54 GMT
Content-Type
text/html; charset=utf-8
Transfer-Encoding
chunked
Connection
keep-alive
Vary
Accept-Encoding Accept-Encoding
X-Powered-By
PHP/7.2.19
X-CacheTags
|pageId_36138|
X-T3CacheInfo
cacheContentFlag,loginAllowedInBranch,staticCacheable,ClientCache,not_loggedin
X-T3Cache
1
Content-Language
en
Expires
Sat, 04 Jul 2020 22:00:00 GMT
ETag
W/"65e1d2dc4892d6b5859d00e9aa3c7e85"
Cache-Control
max-age: 43200
Pragma
public
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Frame-Options
SAMEORIGIN
Content-Security-Policy
frame-ancestors 'self' *.gdatasoftware.com *.gdata.de;
X-Xss-Protection
1; mode=block
X-Content-Type-Options
nosniff
Referrer-Policy
no-referrer-when-downgrade
Content-Encoding
gzip
vhs-assets-5b9de08ed4381d6d419362e5ce725858.css
www.gdatasoftware.com/typo3temp/assets/
185 KB
35 KB
Stylesheet
General
Full URL
https://www.gdatasoftware.com/typo3temp/assets/vhs-assets-5b9de08ed4381d6d419362e5ce725858.css?1592723033
Requested by
Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/blog/strrat-crimson
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
212.23.136.51 Herne, Germany, ASN12329 (TMR, DE),
Reverse DNS
Software
nginx /
Resource Hash
908b9ff9b4bb7b52922190a2afc3f53e65f7db996573b5f980fcc3e4da3aef19
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' *.gdatasoftware.com *.gdata.de;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.gdatasoftware.com/blog/strrat-crimson
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Sun, 21 Jun 2020 23:31:54 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Transfer-Encoding
chunked
Connection
keep-alive
X-Xss-Protection
1; mode=block
Referrer-Policy
no-referrer-when-downgrade
Last-Modified
Sun, 21 Jun 2020 07:03:53 GMT
Server
nginx
X-Frame-Options
SAMEORIGIN
ETag
W/"5eef0659-2e35f"
Vary
Accept-Encoding, Accept-Encoding
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Type
text/css
Cache-Control
max-age=43200
Content-Security-Policy
frame-ancestors 'self' *.gdatasoftware.com *.gdata.de;
Expires
Mon, 22 Jun 2020 11:31:54 GMT
vhs-assets-1b134abf3ac2eb960301b83b9d6c2ff4.js
www.gdatasoftware.com/typo3temp/assets/
109 KB
39 KB
Script
General
Full URL
https://www.gdatasoftware.com/typo3temp/assets/vhs-assets-1b134abf3ac2eb960301b83b9d6c2ff4.js?1592765143
Requested by
Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/blog/strrat-crimson
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
212.23.136.51 Herne, Germany, ASN12329 (TMR, DE),
Reverse DNS
Software
nginx /
Resource Hash
31b756baa153afb74c47c789fce3137d48b664be8256c7439bbada18db3ed55a
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' *.gdatasoftware.com *.gdata.de;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.gdatasoftware.com/blog/strrat-crimson
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Sun, 21 Jun 2020 23:31:54 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Transfer-Encoding
chunked
Connection
keep-alive
X-Xss-Protection
1; mode=block
Referrer-Policy
no-referrer-when-downgrade
Last-Modified
Sun, 21 Jun 2020 18:55:41 GMT
Server
nginx
X-Frame-Options
SAMEORIGIN
ETag
W/"5eefad2d-1b434"
Vary
Accept-Encoding, Accept-Encoding
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Type
application/javascript
Cache-Control
max-age=43200
Content-Security-Policy
frame-ancestors 'self' *.gdatasoftware.com *.gdata.de;
Expires
Mon, 22 Jun 2020 11:31:54 GMT
logo_claim_white.png
www.gdatasoftware.com/typo3conf/ext/gd_sites/Resources/Public/Images/
3 KB
3 KB
Image
General
Full URL
https://www.gdatasoftware.com/typo3conf/ext/gd_sites/Resources/Public/Images/logo_claim_white.png
Requested by
Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/blog/strrat-crimson
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
212.23.136.51 Herne, Germany, ASN12329 (TMR, DE),
Reverse DNS
Software
nginx /
Resource Hash
211965735fd707f91c38ac8508801e7fd74a7b54662282fdf6b76aedcebeed40
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' *.gdatasoftware.com *.gdata.de;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.gdatasoftware.com/blog/strrat-crimson
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Sun, 21 Jun 2020 23:31:54 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Connection
keep-alive
Content-Length
2583
X-Xss-Protection
1; mode=block
Referrer-Policy
no-referrer-when-downgrade
Last-Modified
Thu, 28 May 2020 14:48:48 GMT
Server
nginx
X-Frame-Options
SAMEORIGIN
ETag
"5ecfcf50-a17"
Vary
Accept-Encoding
Content-Type
image/png
Cache-Control
max-age=3628800
Content-Security-Policy
frame-ancestors 'self' *.gdatasoftware.com *.gdata.de;
Accept-Ranges
bytes
Expires
Sun, 02 Aug 2020 23:31:54 GMT
DE.svg
www.gdatasoftware.com/typo3conf/ext/gd_sites/Resources/Public/Images/Flags/
966 B
1 KB
Image
General
Full URL
https://www.gdatasoftware.com/typo3conf/ext/gd_sites/Resources/Public/Images/Flags/DE.svg
Requested by
Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/blog/strrat-crimson
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
212.23.136.51 Herne, Germany, ASN12329 (TMR, DE),
Reverse DNS
Software
nginx /
Resource Hash
19d66a51d12c87c2c254f61d3dc66f4765bc852b03138e4b38ed5fbc3dd01d19
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' *.gdatasoftware.com *.gdata.de;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.gdatasoftware.com/blog/strrat-crimson
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Sun, 21 Jun 2020 23:31:54 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Transfer-Encoding
chunked
Connection
keep-alive
X-Xss-Protection
1; mode=block
Referrer-Policy
no-referrer-when-downgrade
Last-Modified
Thu, 28 May 2020 14:48:48 GMT
Server
nginx
X-Frame-Options
SAMEORIGIN
ETag
W/"5ecfcf50-3c6"
Vary
Accept-Encoding, Accept-Encoding
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Type
image/svg+xml
Cache-Control
max-age=3628800
Content-Security-Policy
frame-ancestors 'self' *.gdatasoftware.com *.gdata.de;
Expires
Sun, 02 Aug 2020 23:31:54 GMT
JavaRAT_infectionchain2.png
www.gdatasoftware.com/fileadmin/user_upload/Presse/Deutschland/2020/06/
65 KB
65 KB
Image
General
Full URL
https://www.gdatasoftware.com/fileadmin/user_upload/Presse/Deutschland/2020/06/JavaRAT_infectionchain2.png
Requested by
Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/blog/strrat-crimson
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
212.23.136.51 Herne, Germany, ASN12329 (TMR, DE),
Reverse DNS
Software
nginx /
Resource Hash
bb505ed0870bca31667518320fa5e1a0b90eaa935d41471a74924a9f5f888107
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' *.gdatasoftware.com *.gdata.de;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.gdatasoftware.com/blog/strrat-crimson
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Sun, 21 Jun 2020 23:31:54 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Connection
keep-alive
Content-Length
66056
X-Xss-Protection
1; mode=block
Referrer-Policy
no-referrer-when-downgrade
Last-Modified
Wed, 17 Jun 2020 07:08:25 GMT
Server
nginx
X-Frame-Options
SAMEORIGIN
ETag
"5ee9c169-10208"
Vary
Accept-Encoding
Content-Type
image/png
Cache-Control
max-age=3628800
Content-Security-Policy
frame-ancestors 'self' *.gdatasoftware.com *.gdata.de;
Accept-Ranges
bytes
Expires
Sun, 02 Aug 2020 23:31:54 GMT
JavaRAT_emailcontent.png
www.gdatasoftware.com/fileadmin/user_upload/Presse/Deutschland/2020/06/
45 KB
45 KB
Image
General
Full URL
https://www.gdatasoftware.com/fileadmin/user_upload/Presse/Deutschland/2020/06/JavaRAT_emailcontent.png
Requested by
Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/blog/strrat-crimson
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
212.23.136.51 Herne, Germany, ASN12329 (TMR, DE),
Reverse DNS
Software
nginx /
Resource Hash
444ff278015ae2f0277667488104bf4ed9df01a2bcfac669852f895922cd4b6c
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' *.gdatasoftware.com *.gdata.de;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.gdatasoftware.com/blog/strrat-crimson
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Sun, 21 Jun 2020 23:31:54 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Connection
keep-alive
Content-Length
45856
X-Xss-Protection
1; mode=block
Referrer-Policy
no-referrer-when-downgrade
Last-Modified
Tue, 16 Jun 2020 11:55:30 GMT
Server
nginx
X-Frame-Options
SAMEORIGIN
ETag
"5ee8b332-b320"
Vary
Accept-Encoding
Content-Type
image/png
Cache-Control
max-age=3628800
Content-Security-Policy
frame-ancestors 'self' *.gdatasoftware.com *.gdata.de;
Accept-Ranges
bytes
Expires
Sun, 02 Aug 2020 23:31:54 GMT
JavaRAT_VBSLoaderJar.png
www.gdatasoftware.com/fileadmin/user_upload/Presse/Deutschland/2020/06/
48 KB
48 KB
Image
General
Full URL
https://www.gdatasoftware.com/fileadmin/user_upload/Presse/Deutschland/2020/06/JavaRAT_VBSLoaderJar.png
Requested by
Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/blog/strrat-crimson
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
212.23.136.51 Herne, Germany, ASN12329 (TMR, DE),
Reverse DNS
Software
nginx /
Resource Hash
4e8dcfa9166e63f3f18d59193dd7aba097d688d4cb417e33aab4e589ceb63aa4
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' *.gdatasoftware.com *.gdata.de;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.gdatasoftware.com/blog/strrat-crimson
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Sun, 21 Jun 2020 23:31:54 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Connection
keep-alive
Content-Length
48928
X-Xss-Protection
1; mode=block
Referrer-Policy
no-referrer-when-downgrade
Last-Modified
Tue, 16 Jun 2020 11:55:31 GMT
Server
nginx
X-Frame-Options
SAMEORIGIN
ETag
"5ee8b333-bf20"
Vary
Accept-Encoding
Content-Type
image/png
Cache-Control
max-age=3628800
Content-Security-Policy
frame-ancestors 'self' *.gdatasoftware.com *.gdata.de;
Accept-Ranges
bytes
Expires
Sun, 02 Aug 2020 23:31:54 GMT
JavaRAT_DownloadJRE.png
www.gdatasoftware.com/fileadmin/user_upload/Presse/Deutschland/2020/06/
36 KB
37 KB
Image
General
Full URL
https://www.gdatasoftware.com/fileadmin/user_upload/Presse/Deutschland/2020/06/JavaRAT_DownloadJRE.png
Requested by
Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/blog/strrat-crimson
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
212.23.136.51 Herne, Germany, ASN12329 (TMR, DE),
Reverse DNS
Software
nginx /
Resource Hash
5d2ac852c1201aaa87c9f23461868b83578d9bee21a355f15ff6512dbc8b7bba
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' *.gdatasoftware.com *.gdata.de;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.gdatasoftware.com/blog/strrat-crimson
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Sun, 21 Jun 2020 23:31:54 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Connection
keep-alive
Content-Length
37236
X-Xss-Protection
1; mode=block
Referrer-Policy
no-referrer-when-downgrade
Last-Modified
Tue, 16 Jun 2020 11:55:32 GMT
Server
nginx
X-Frame-Options
SAMEORIGIN
ETag
"5ee8b334-9174"
Vary
Accept-Encoding
Content-Type
image/png
Cache-Control
max-age=3628800
Content-Security-Policy
frame-ancestors 'self' *.gdatasoftware.com *.gdata.de;
Accept-Ranges
bytes
Expires
Sun, 02 Aug 2020 23:31:54 GMT
JavaRAT_Allatori.png
www.gdatasoftware.com/fileadmin/user_upload/Presse/Deutschland/2020/06/
29 KB
29 KB
Image
General
Full URL
https://www.gdatasoftware.com/fileadmin/user_upload/Presse/Deutschland/2020/06/JavaRAT_Allatori.png
Requested by
Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/blog/strrat-crimson
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
212.23.136.51 Herne, Germany, ASN12329 (TMR, DE),
Reverse DNS
Software
nginx /
Resource Hash
fd3f4f83bc4fa852e79e308e1d5d4ebda0e6b2b8e8b66e234b3383506f221a64
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' *.gdatasoftware.com *.gdata.de;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.gdatasoftware.com/blog/strrat-crimson
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Sun, 21 Jun 2020 23:31:54 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Connection
keep-alive
Content-Length
29381
X-Xss-Protection
1; mode=block
Referrer-Policy
no-referrer-when-downgrade
Last-Modified
Tue, 16 Jun 2020 11:55:33 GMT
Server
nginx
X-Frame-Options
SAMEORIGIN
ETag
"5ee8b335-72c5"
Vary
Accept-Encoding
Content-Type
image/png
Cache-Control
max-age=3628800
Content-Security-Policy
frame-ancestors 'self' *.gdatasoftware.com *.gdata.de;
Accept-Ranges
bytes
Expires
Sun, 02 Aug 2020 23:31:54 GMT
JavaRAT_Name.png
www.gdatasoftware.com/fileadmin/user_upload/Presse/Deutschland/2020/06/
27 KB
27 KB
Image
General
Full URL
https://www.gdatasoftware.com/fileadmin/user_upload/Presse/Deutschland/2020/06/JavaRAT_Name.png
Requested by
Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/blog/strrat-crimson
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
212.23.136.51 Herne, Germany, ASN12329 (TMR, DE),
Reverse DNS
Software
nginx /
Resource Hash
a6bf178e51554ae39d5f5b281591e2a7a808a6e41a9ad2f5dd059b96486a62b7
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' *.gdatasoftware.com *.gdata.de;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.gdatasoftware.com/blog/strrat-crimson
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Sun, 21 Jun 2020 23:31:54 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Connection
keep-alive
Content-Length
27160
X-Xss-Protection
1; mode=block
Referrer-Policy
no-referrer-when-downgrade
Last-Modified
Tue, 16 Jun 2020 11:55:34 GMT
Server
nginx
X-Frame-Options
SAMEORIGIN
ETag
"5ee8b336-6a18"
Vary
Accept-Encoding
Content-Type
image/png
Cache-Control
max-age=3628800
Content-Security-Policy
frame-ancestors 'self' *.gdatasoftware.com *.gdata.de;
Accept-Ranges
bytes
Expires
Sun, 02 Aug 2020 23:31:54 GMT
JavaRAT_Config.png
www.gdatasoftware.com/fileadmin/user_upload/Presse/Deutschland/2020/06/
5 KB
6 KB
Image
General
Full URL
https://www.gdatasoftware.com/fileadmin/user_upload/Presse/Deutschland/2020/06/JavaRAT_Config.png
Requested by
Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/blog/strrat-crimson
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
212.23.136.51 Herne, Germany, ASN12329 (TMR, DE),
Reverse DNS
Software
nginx /
Resource Hash
68b938458c85a862ef7567bfaaa03f3827f55e847f39b4b49c2a85239f6d9397
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' *.gdatasoftware.com *.gdata.de;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.gdatasoftware.com/blog/strrat-crimson
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Sun, 21 Jun 2020 23:31:54 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Connection
keep-alive
Content-Length
5224
X-Xss-Protection
1; mode=block
Referrer-Policy
no-referrer-when-downgrade
Last-Modified
Tue, 16 Jun 2020 11:55:36 GMT
Server
nginx
X-Frame-Options
SAMEORIGIN
ETag
"5ee8b338-1468"
Vary
Accept-Encoding
Content-Type
image/png
Cache-Control
max-age=3628800
Content-Security-Policy
frame-ancestors 'self' *.gdatasoftware.com *.gdata.de;
Accept-Ranges
bytes
Expires
Sun, 02 Aug 2020 23:31:54 GMT
JavaRAT_RW.png
www.gdatasoftware.com/fileadmin/user_upload/Presse/Deutschland/2020/06/
27 KB
28 KB
Image
General
Full URL
https://www.gdatasoftware.com/fileadmin/user_upload/Presse/Deutschland/2020/06/JavaRAT_RW.png
Requested by
Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/blog/strrat-crimson
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
212.23.136.51 Herne, Germany, ASN12329 (TMR, DE),
Reverse DNS
Software
nginx /
Resource Hash
3c41425b91bffa80a86b56f0dcc1555a416232aa921a03ddcf5367c623f38532
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' *.gdatasoftware.com *.gdata.de;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.gdatasoftware.com/blog/strrat-crimson
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Sun, 21 Jun 2020 23:31:54 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Connection
keep-alive
Content-Length
27906
X-Xss-Protection
1; mode=block
Referrer-Policy
no-referrer-when-downgrade
Last-Modified
Tue, 16 Jun 2020 11:55:37 GMT
Server
nginx
X-Frame-Options
SAMEORIGIN
ETag
"5ee8b339-6d02"
Vary
Accept-Encoding
Content-Type
image/png
Cache-Control
max-age=3628800
Content-Security-Policy
frame-ancestors 'self' *.gdatasoftware.com *.gdata.de;
Accept-Ranges
bytes
Expires
Sun, 02 Aug 2020 23:31:54 GMT
hahn_karsten_7c2341c8d2.jpg
www.gdatasoftware.com/fileadmin/_processed_/0/d/
4 KB
4 KB
Image
General
Full URL
https://www.gdatasoftware.com/fileadmin/_processed_/0/d/hahn_karsten_7c2341c8d2.jpg
Requested by
Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/blog/strrat-crimson
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
212.23.136.51 Herne, Germany, ASN12329 (TMR, DE),
Reverse DNS
Software
nginx /
Resource Hash
ed6adae660bb866303826f11fbd012548ad51f7373d4060ebb3d695b9e5df2db
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' *.gdatasoftware.com *.gdata.de;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.gdatasoftware.com/blog/strrat-crimson
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Sun, 21 Jun 2020 23:31:54 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Connection
keep-alive
Content-Length
3981
X-Xss-Protection
1; mode=block
Referrer-Policy
no-referrer-when-downgrade
Last-Modified
Thu, 04 Jul 2019 10:22:23 GMT
Server
nginx
X-Frame-Options
SAMEORIGIN
ETag
"5d1dd35f-f8d"
Vary
Accept-Encoding
Content-Type
image/jpeg
Cache-Control
max-age=3628800
Content-Security-Policy
frame-ancestors 'self' *.gdatasoftware.com *.gdata.de;
Accept-Ranges
bytes
Expires
Sun, 02 Aug 2020 23:31:54 GMT
G_DATA_Blog_Excel_Rat_Preview_38738d1d37.jpg
www.gdatasoftware.com/fileadmin/_processed_/3/d/
5 KB
5 KB
Image
General
Full URL
https://www.gdatasoftware.com/fileadmin/_processed_/3/d/G_DATA_Blog_Excel_Rat_Preview_38738d1d37.jpg
Requested by
Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/blog/strrat-crimson
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
212.23.136.51 Herne, Germany, ASN12329 (TMR, DE),
Reverse DNS
Software
nginx /
Resource Hash
b681e17accabcb8f0ca4b1c8e91c17c1e15ce661b7346d415d78dc9184cda201
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' *.gdatasoftware.com *.gdata.de;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.gdatasoftware.com/blog/strrat-crimson
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Sun, 21 Jun 2020 23:31:54 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Connection
keep-alive
Content-Length
4799
X-Xss-Protection
1; mode=block
Referrer-Policy
no-referrer-when-downgrade
Last-Modified
Tue, 16 Jun 2020 11:55:48 GMT
Server
nginx
X-Frame-Options
SAMEORIGIN
ETag
"5ee8b344-12bf"
Vary
Accept-Encoding
Content-Type
image/jpeg
Cache-Control
max-age=3628800
Content-Security-Policy
frame-ancestors 'self' *.gdatasoftware.com *.gdata.de;
Accept-Ranges
bytes
Expires
Sun, 02 Aug 2020 23:31:54 GMT
PeKraut_3_Preview_7f51253302.jpg
www.gdatasoftware.com/fileadmin/_processed_/e/9/
4 KB
5 KB
Image
General
Full URL
https://www.gdatasoftware.com/fileadmin/_processed_/e/9/PeKraut_3_Preview_7f51253302.jpg
Requested by
Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/blog/strrat-crimson
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
212.23.136.51 Herne, Germany, ASN12329 (TMR, DE),
Reverse DNS
Software
nginx /
Resource Hash
4736cf6b0c0fed3e8956f632576af1d5e3e7feb448f4bea01af45aa9d15412cd
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' *.gdatasoftware.com *.gdata.de;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.gdatasoftware.com/blog/strrat-crimson
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Sun, 21 Jun 2020 23:31:54 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Connection
keep-alive
Content-Length
4248
X-Xss-Protection
1; mode=block
Referrer-Policy
no-referrer-when-downgrade
Last-Modified
Tue, 16 Jun 2020 11:55:49 GMT
Server
nginx
X-Frame-Options
SAMEORIGIN
ETag
"5ee8b345-1098"
Vary
Accept-Encoding
Content-Type
image/jpeg
Cache-Control
max-age=3628800
Content-Security-Policy
frame-ancestors 'self' *.gdatasoftware.com *.gdata.de;
Accept-Ranges
bytes
Expires
Sun, 02 Aug 2020 23:31:54 GMT
logo_claim_2016_white.png
www.gdatasoftware.com/typo3conf/ext/gd_sites/Resources/Public/Images/
4 KB
4 KB
Image
General
Full URL
https://www.gdatasoftware.com/typo3conf/ext/gd_sites/Resources/Public/Images/logo_claim_2016_white.png
Requested by
Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/blog/strrat-crimson
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
212.23.136.51 Herne, Germany, ASN12329 (TMR, DE),
Reverse DNS
Software
nginx /
Resource Hash
7c657d342491cefb26c956267727635a22e3e85fb12dd8f525e811ec000e658f
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' *.gdatasoftware.com *.gdata.de;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.gdatasoftware.com/blog/strrat-crimson
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Sun, 21 Jun 2020 23:31:54 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Connection
keep-alive
Content-Length
3871
X-Xss-Protection
1; mode=block
Referrer-Policy
no-referrer-when-downgrade
Last-Modified
Thu, 28 May 2020 14:48:48 GMT
Server
nginx
X-Frame-Options
SAMEORIGIN
ETag
"5ecfcf50-f1f"
Vary
Accept-Encoding
Content-Type
image/png
Cache-Control
max-age=3628800
Content-Security-Policy
frame-ancestors 'self' *.gdatasoftware.com *.gdata.de;
Accept-Ranges
bytes
Expires
Sun, 02 Aug 2020 23:31:54 GMT
vhs-assets-72fbd3c3fac64cddf69a69a19bc35c07.js
www.gdatasoftware.com/typo3temp/assets/
263 KB
81 KB
Script
General
Full URL
https://www.gdatasoftware.com/typo3temp/assets/vhs-assets-72fbd3c3fac64cddf69a69a19bc35c07.js?1592723033
Requested by
Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/blog/strrat-crimson
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
212.23.136.51 Herne, Germany, ASN12329 (TMR, DE),
Reverse DNS
Software
nginx /
Resource Hash
177580aa30b235dca3ac62395d5f584438e023d1b160584b6960be3b6c3e610f
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' *.gdatasoftware.com *.gdata.de;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.gdatasoftware.com/blog/strrat-crimson
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Sun, 21 Jun 2020 23:31:54 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Transfer-Encoding
chunked
Connection
keep-alive
X-Xss-Protection
1; mode=block
Referrer-Policy
no-referrer-when-downgrade
Last-Modified
Sun, 21 Jun 2020 07:03:53 GMT
Server
nginx
X-Frame-Options
SAMEORIGIN
ETag
W/"5eef0659-41aaa"
Vary
Accept-Encoding, Accept-Encoding
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Type
application/javascript
Cache-Control
max-age=43200
Content-Security-Policy
frame-ancestors 'self' *.gdatasoftware.com *.gdata.de;
Expires
Mon, 22 Jun 2020 11:31:54 GMT
G_DATA_Blog_JavaSTRRAT_header.jpg
www.gdatasoftware.com/fileadmin/web/general/images/blog/2020/06_2020/
184 KB
184 KB
Image
General
Full URL
https://www.gdatasoftware.com/fileadmin/web/general/images/blog/2020/06_2020/G_DATA_Blog_JavaSTRRAT_header.jpg
Requested by
Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/blog/strrat-crimson
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
212.23.136.51 Herne, Germany, ASN12329 (TMR, DE),
Reverse DNS
Software
nginx /
Resource Hash
ceb753f0a7858f43ac79073005a90e8bc2c253c273db7ad7b5e2d2f5248990ef
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' *.gdatasoftware.com *.gdata.de;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.gdatasoftware.com/blog/strrat-crimson
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Sun, 21 Jun 2020 23:31:54 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Connection
keep-alive
Content-Length
188215
X-Xss-Protection
1; mode=block
Referrer-Policy
no-referrer-when-downgrade
Last-Modified
Tue, 16 Jun 2020 11:55:38 GMT
Server
nginx
X-Frame-Options
SAMEORIGIN
ETag
"5ee8b33a-2df37"
Vary
Accept-Encoding
Content-Type
image/jpeg
Cache-Control
max-age=3628800
Content-Security-Policy
frame-ancestors 'self' *.gdatasoftware.com *.gdata.de;
Accept-Ranges
bytes
Expires
Sun, 02 Aug 2020 23:31:54 GMT
source-sans-pro-v13-latin-ext_latin-regular.woff2
file.gdatasoftware.com/s/font/source-sans-pro/
25 KB
25 KB
Font
General
Full URL
https://file.gdatasoftware.com/s/font/source-sans-pro/source-sans-pro-v13-latin-ext_latin-regular.woff2
Requested by
Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/blog/strrat-crimson
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
85.25.214.59 , Germany, ASN8972 (GD-EMEA-DC-SXB1, DE),
Reverse DNS
malta1055.startdedicated.com
Software
nginx /
Resource Hash
72e086ecb5eed26e489b633ce3a7a85522747d8583852bf8756e290fec0f3d3b

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://www.gdatasoftware.com/typo3temp/assets/vhs-assets-5b9de08ed4381d6d419362e5ce725858.css?1592723033
Origin
https://www.gdatasoftware.com

Response headers

Date
Sun, 21 Jun 2020 23:31:54 GMT
Last-Modified
Fri, 02 Aug 2019 05:16:52 GMT
Server
nginx
Content-Type
application/octet-stream
Access-Control-Allow-Origin
*
Cache-Control
max-age=604800
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
25656
Expires
Sun, 28 Jun 2020 23:31:54 GMT
gcon1-987.woff2
file.gdatasoftware.com/s/font/
48 KB
48 KB
Font
General
Full URL
https://file.gdatasoftware.com/s/font/gcon1-987.woff2?pepnum
Requested by
Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/blog/strrat-crimson
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
85.25.214.59 , Germany, ASN8972 (GD-EMEA-DC-SXB1, DE),
Reverse DNS
malta1055.startdedicated.com
Software
nginx /
Resource Hash
d0c5a6534958bc852df12cb43c61762fc486baa3b9a23b5aa253c3caac667be6

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://www.gdatasoftware.com/typo3temp/assets/vhs-assets-5b9de08ed4381d6d419362e5ce725858.css?1592723033
Origin
https://www.gdatasoftware.com

Response headers

Date
Sun, 21 Jun 2020 23:31:54 GMT
Last-Modified
Thu, 07 May 2020 06:51:06 GMT
Server
nginx
Content-Type
application/octet-stream
Access-Control-Allow-Origin
*
Cache-Control
max-age=604800
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
49180
Expires
Sun, 28 Jun 2020 23:31:54 GMT
source-sans-pro-v13-latin-ext_latin-300.woff2
file.gdatasoftware.com/s/font/source-sans-pro/
25 KB
25 KB
Font
General
Full URL
https://file.gdatasoftware.com/s/font/source-sans-pro/source-sans-pro-v13-latin-ext_latin-300.woff2
Requested by
Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/blog/strrat-crimson
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
85.25.214.59 , Germany, ASN8972 (GD-EMEA-DC-SXB1, DE),
Reverse DNS
malta1055.startdedicated.com
Software
nginx /
Resource Hash
9d20a8fc1de189bad815a78bd3a36550412788bc1d8e6f2d7eba6bb18bc901a2

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://www.gdatasoftware.com/typo3temp/assets/vhs-assets-5b9de08ed4381d6d419362e5ce725858.css?1592723033
Origin
https://www.gdatasoftware.com

Response headers

Date
Sun, 21 Jun 2020 23:31:54 GMT
Last-Modified
Fri, 02 Aug 2019 05:16:52 GMT
Server
nginx
Content-Type
application/octet-stream
Access-Control-Allow-Origin
*
Cache-Control
max-age=604800
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
25716
Expires
Sun, 28 Jun 2020 23:31:54 GMT
source-sans-pro-v13-latin-ext_latin-600.woff2
file.gdatasoftware.com/s/font/source-sans-pro/
25 KB
25 KB
Font
General
Full URL
https://file.gdatasoftware.com/s/font/source-sans-pro/source-sans-pro-v13-latin-ext_latin-600.woff2
Requested by
Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/blog/strrat-crimson
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
85.25.214.59 , Germany, ASN8972 (GD-EMEA-DC-SXB1, DE),
Reverse DNS
malta1055.startdedicated.com
Software
nginx /
Resource Hash
5b7ade4116e14b315421eb6e4eeabbf1a1c7301a575ee1311fb1659eaaecd6f4

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://www.gdatasoftware.com/typo3temp/assets/vhs-assets-5b9de08ed4381d6d419362e5ce725858.css?1592723033
Origin
https://www.gdatasoftware.com

Response headers

Date
Sun, 21 Jun 2020 23:31:54 GMT
Last-Modified
Fri, 02 Aug 2019 05:16:52 GMT
Server
nginx
Content-Type
application/octet-stream
Access-Control-Allow-Origin
*
Cache-Control
max-age=604800
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
25520
Expires
Sun, 28 Jun 2020 23:31:54 GMT

Verdicts & Comments

27 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate function| _typeof object| html5 object| Modernizr function| $ function| jQuery function| _createClass function| _classCallCheck function| decryptCharcode function| decryptString function| linkTo_UnCryptMailto object| GdPlatform object| GdWebsite undefined| filetypes undefined| baseHref undefined| hrefRedirect undefined| gaHitCallbackHandler function| objectFitImages function| GDataMainMenu object| GdScrollIndicator object| Foundation object| jQuery112407436417234738262 function| Shariff function| GdTrackingModule object| hljs object| GdTracking

0 Cookies

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy frame-ancestors 'self' *.gdatasoftware.com *.gdata.de;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
