www.gdatasoftware.com Open in urlscan Pro
212.23.151.164 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.gdatasoftware.com/blog/cyrat-ransomware
Submission: On September 02 via api (September 2nd 2020, 2:39:47 pm UTC) from US

Summary HTTP 21 Redirects Links 19 Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 1 domains to perform 21 HTTP transactions. The main IP is 212.23.151.164, located in Bochum, Germany and belongs to TMR, DE. The main domain is www.gdatasoftware.com.
TLS certificate: Issued by Sectigo RSA Organization Validation S... on May 19th 2020. Valid for: 2 years.

This is the only time www.gdatasoftware.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
18	212.23.151.164 212.23.151.164	12329 (TMR) (TMR)
3	85.25.214.189 85.25.214.189	8972 (GD-EMEA-D...) (GD-EMEA-DC-SXB1)
21	2

18 212.23.151.164 (Bochum, Germany)

ASN12329 (TMR, DE)

www.gdatasoftware.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 85.25.214.189 (Germany)

ASN8972 (GD-EMEA-DC-SXB1, DE)

file.gdatasoftware.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
21	gdatasoftware.com www.gdatasoftware.com file.gdatasoftware.com	729 KB
21	1

	Domain	Requested by
18	www.gdatasoftware.com	www.gdatasoftware.com
3	file.gdatasoftware.com	www.gdatasoftware.com
21	2

This site contains links to these domains. Also see Links.

Domain
www.gdata.de
feeds.feedblitz.com
ntinfo.biz
github.com
www.pyinstaller.org
www.python.org
pypi.org
www.figlet.org
cryptography.io
twitter.com
www.xing.com
www.linkedin.com
www.facebook.com
reddit.com
www.youtube.com

Subject Issuer	Validity	Valid
*.gdatasoftware.com Sectigo RSA Organization Validation Secure Server CA	`2020-05-19` - `2022-08-17`	2 years	crt.sh

This page contains 1 frames:

Primary Page: https://www.gdatasoftware.com/blog/cyrat-ransomware
Frame ID: 33B3841D541BCF4103C23855E38B486C
Requests: 21 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Page Statistics

21
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

2
Subdomains

2
IPs

1
Countries

729 kB
Transfer

1134 kB
Size

0
Cookies

19 Outgoing links

These are links going to different origins than the main page.

URL: https://www.gdata.de/blog
Title:

Search URL Search Domain Scan URL

URL: https://feeds.feedblitz.com/GDataSecurityBlog-EN&x=1
Title:

Search URL Search Domain Scan URL

URL: http://ntinfo.biz/index.html
Title: DiE

Search URL Search Domain Scan URL

URL: https://github.com/katjahahn/PortEx/tree/master/progs
Title: PortexAnalyzer

Search URL Search Domain Scan URL

URL: https://www.pyinstaller.org/
Title: PyInstaller

Search URL Search Domain Scan URL

URL: https://github.com/extremecoders-re/pyinstxtractor/blob/master/pyinstxtractor.py
Title: PyInstxtractor

Search URL Search Domain Scan URL

URL: https://www.python.org/downloads/release/python-370/
Title: Python 3.7

Search URL Search Domain Scan URL

URL: https://pypi.org/project/uncompyle6/
Title: uncompyle6

Search URL Search Domain Scan URL

URL: http://www.figlet.org/
Title: pyfiglet

Search URL Search Domain Scan URL

URL: https://cryptography.io/en/latest/fernet/
Title: Fernet

Search URL Search Domain Scan URL

URL: https://twitter.com/struppigel/status/1298592057087361030
Title: I posted the Cyrat sample

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?text=Look%20for%20a%20fix%2C%20get%20malware%20instead%3A%20examining%20the%20Cyrat%20ransomware%20%7C%20G%20DATA&url=https%3A%2F%2Fwww.gdatasoftware.com%2Fblog%2Fcyrat-ransomware&via=GDATA
Title: tweet

Search URL Search Domain Scan URL

URL: https://www.xing.com/social_plugins/share?url=https%3A%2F%2Fwww.gdatasoftware.com%2Fblog%2Fcyrat-ransomware
Title: share

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/shareArticle?mini=true&summary=Disguised%20as%20a%20DLL%20fixer%2C%20Cyrat%20encrypts%20data%20and%20demands%20payment.%20The%20makers%20appear%20to%20be%20active%2C%20even%20replying%20to%20emails.%20Learn%20more%20on%20the%20G%20DATA%20blog!&title=Look%20for%20a%20fix%2C%20get%20malware%20instead%3A%20examining%20the%20Cyrat%20ransomware%20%7C%20G%20DATA&url=https%3A%2F%2Fwww.gdatasoftware.com%2Fblog%2Fcyrat-ransomware
Title: share

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww.gdatasoftware.com%2Fblog%2Fcyrat-ransomware
Title: share

Search URL Search Domain Scan URL

URL: https://reddit.com/submit?url=https%3A%2F%2Fwww.gdatasoftware.com%2Fblog%2Fcyrat-ransomware&title=Look%20for%20a%20fix%2C%20get%20malware%20instead%3A%20examining%20the%20Cyrat%20ransomware%20%7C%20G%20DATA
Title: share

Search URL Search Domain Scan URL

URL: https://www.facebook.com/gdatasoftwareag

Search URL Search Domain Scan URL

URL: https://twitter.com/GDATA

Search URL Search Domain Scan URL

URL: https://www.youtube.com/user/GDataSoftwareAG

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

21 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request cyrat-ransomware Show response
www.gdatasoftware.com/blog/ 34 KB
12 KB 128ms
41ms Document
text/html 212.23.151.164
TMR

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gdatasoftware.com/blog/cyrat-ransomware

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

212.23.151.164 Bochum, Germany, ASN12329 (TMR, DE),

Reverse DNS

Software

nginx /

Resource Hash

2293cdfd1a7ce9581fff01e4d8e62cb6a08947221d765c7a6e6a632537166bfd

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .gdata.de .gdata.ch .gdata.fr .gdata.at .gdata.nl .gdata.it .gdata.be .gdata.es .gdata.pt .gdatasoftware.co.uk .gdatasoftware.com .gdata-software.com .gdata-advancedanalytics.de .gdata-advancedanalytics.com .gdata.co.jp .gdata-china.com .gdata-hongkong.com .inventorofantivirus.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Host: www.gdatasoftware.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Server: nginx
Date: Wed, 02 Sep 2020 14:39:29 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age: 43200
Content-Encoding: gzip
Content-Language: en
Etag: W/"463b0ebbfb3be259150b93afbbf82a8d"
Expires: Tue, 15 Sep 2020 22:00:00 GMT
Pragma: public
X-Cachetags: |pageId_36312|
X-T3cache: 1
X-T3cacheinfo: cacheContentFlag,loginAllowedInBranch,staticCacheable,ClientCache,not_loggedin
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: frame-ancestors 'self' *.gdata.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata-advancedanalytics.com *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com;
X-Xss-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer-when-downgrade

GET
H/1.1 200
OK vhs-assets-5b9de08ed4381d6d419362e5ce725858.css
www.gdatasoftware.com/typo3temp/assets/ 180 KB
34 KB 60ms
60ms Stylesheet
text/css 212.23.151.164
TMR

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gdatasoftware.com/typo3temp/assets/vhs-assets-5b9de08ed4381d6d419362e5ce725858.css?1598967504

Requested by

Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/blog/cyrat-ransomware

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

212.23.151.164 Bochum, Germany, ASN12329 (TMR, DE),

Reverse DNS

Software

nginx /

Resource Hash

98f509762045ac4c774e98d82b28131e47987de8b74f24015fbefaeff7122f01

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .gdata.de .gdata.ch .gdata.fr .gdata.at .gdata.nl .gdata.it .gdata.be .gdata.es .gdata.pt .gdatasoftware.co.uk .gdatasoftware.com .gdata-software.com .gdata-advancedanalytics.de .gdata-advancedanalytics.com .gdata.co.jp .gdata-china.com .gdata-hongkong.com .inventorofantivirus.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.gdatasoftware.com/blog/cyrat-ransomware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 02 Sep 2020 14:39:29 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Transfer-Encoding: chunked
Connection: keep-alive
X-Xss-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Tue, 01 Sep 2020 13:38:24 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN
Etag: W/"5f4e4ed0-2cf9f"
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: text/css
Cache-Control: max-age=43200
Content-Security-Policy: frame-ancestors 'self' *.gdata.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata-advancedanalytics.com *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com;
Expires: Thu, 03 Sep 2020 02:39:29 GMT

GET
H/1.1 200
OK vhs-assets-1b134abf3ac2eb960301b83b9d6c2ff4.js Show response
www.gdatasoftware.com/typo3temp/assets/ 109 KB
39 KB 128ms
53ms Script
application/javascript 212.23.151.164
TMR

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gdatasoftware.com/typo3temp/assets/vhs-assets-1b134abf3ac2eb960301b83b9d6c2ff4.js?1599053023

Requested by

Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/blog/cyrat-ransomware

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

212.23.151.164 Bochum, Germany, ASN12329 (TMR, DE),

Reverse DNS

Software

nginx /

Resource Hash

31b756baa153afb74c47c789fce3137d48b664be8256c7439bbada18db3ed55a

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .gdata.de .gdata.ch .gdata.fr .gdata.at .gdata.nl .gdata.it .gdata.be .gdata.es .gdata.pt .gdatasoftware.co.uk .gdatasoftware.com .gdata-software.com .gdata-advancedanalytics.de .gdata-advancedanalytics.com .gdata.co.jp .gdata-china.com .gdata-hongkong.com .inventorofantivirus.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.gdatasoftware.com/blog/cyrat-ransomware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 02 Sep 2020 14:39:29 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Transfer-Encoding: chunked
Connection: keep-alive
X-Xss-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Wed, 02 Sep 2020 14:37:09 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN
Etag: W/"5f4fae15-1b434"
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: application/javascript
Cache-Control: max-age=43200
Content-Security-Policy: frame-ancestors 'self' *.gdata.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata-advancedanalytics.com *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com;
Expires: Thu, 03 Sep 2020 02:39:29 GMT

GET
H/1.1 200
OK logo_claim_white.png
www.gdatasoftware.com/typo3conf/ext/gd_sites/Resources/Public/Images/ 3 KB
3 KB 50ms
50ms Image
image/png 212.23.151.164
TMR

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gdatasoftware.com/typo3conf/ext/gd_sites/Resources/Public/Images/logo_claim_white.png

Requested by

Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/blog/cyrat-ransomware

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

212.23.151.164 Bochum, Germany, ASN12329 (TMR, DE),

Reverse DNS

Software

nginx /

Resource Hash

211965735fd707f91c38ac8508801e7fd74a7b54662282fdf6b76aedcebeed40

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .gdata.de .gdata.ch .gdata.fr .gdata.at .gdata.nl .gdata.it .gdata.be .gdata.es .gdata.pt .gdatasoftware.co.uk .gdatasoftware.com .gdata-software.com .gdata-advancedanalytics.de .gdata-advancedanalytics.com .gdata.co.jp .gdata-china.com .gdata-hongkong.com .inventorofantivirus.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.gdatasoftware.com/blog/cyrat-ransomware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 02 Sep 2020 14:39:29 GMT
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 2583
X-Xss-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Fri, 28 Aug 2020 07:54:45 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN
Etag: "5f48b845-a17"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/png
Cache-Control: max-age=3628800
Content-Security-Policy: frame-ancestors 'self' *.gdata.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata-advancedanalytics.com *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com;
Accept-Ranges: bytes
Expires: Wed, 14 Oct 2020 14:39:29 GMT

GET
H/1.1 200
OK DE.svg
www.gdatasoftware.com/typo3conf/ext/gd_sites/Resources/Public/Images/Flags/ 966 B
1 KB 39ms
38ms Image
image/svg+xml 212.23.151.164
TMR

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gdatasoftware.com/typo3conf/ext/gd_sites/Resources/Public/Images/Flags/DE.svg

Requested by

Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/blog/cyrat-ransomware

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

212.23.151.164 Bochum, Germany, ASN12329 (TMR, DE),

Reverse DNS

Software

nginx /

Resource Hash

19d66a51d12c87c2c254f61d3dc66f4765bc852b03138e4b38ed5fbc3dd01d19

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .gdata.de .gdata.ch .gdata.fr .gdata.at .gdata.nl .gdata.it .gdata.be .gdata.es .gdata.pt .gdatasoftware.co.uk .gdatasoftware.com .gdata-software.com .gdata-advancedanalytics.de .gdata-advancedanalytics.com .gdata.co.jp .gdata-china.com .gdata-hongkong.com .inventorofantivirus.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.gdatasoftware.com/blog/cyrat-ransomware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 02 Sep 2020 14:39:29 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Transfer-Encoding: chunked
Connection: keep-alive
X-Xss-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Mon, 31 Aug 2020 14:44:10 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN
Etag: W/"5f4d0cba-3c6"
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/svg+xml
Cache-Control: max-age=3628800
Content-Security-Policy: frame-ancestors 'self' *.gdata.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata-advancedanalytics.com *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com;
Expires: Wed, 14 Oct 2020 14:39:29 GMT

GET
H/1.1 200
OK cryrat_die.png
www.gdatasoftware.com/fileadmin/user_upload/Presse/Deutschland/2020/09/ 30 KB
30 KB 98ms
58ms Image
image/png 212.23.151.164
TMR

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gdatasoftware.com/fileadmin/user_upload/Presse/Deutschland/2020/09/cryrat_die.png

Requested by

Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/blog/cyrat-ransomware

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

212.23.151.164 Bochum, Germany, ASN12329 (TMR, DE),

Reverse DNS

Software

nginx /

Resource Hash

3af86a7f82ecef59c48a52819de5952758bcf41730bc06d1befbf92d513f228a

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .gdata.de .gdata.ch .gdata.fr .gdata.at .gdata.nl .gdata.it .gdata.be .gdata.es .gdata.pt .gdatasoftware.co.uk .gdatasoftware.com .gdata-software.com .gdata-advancedanalytics.de .gdata-advancedanalytics.com .gdata.co.jp .gdata-china.com .gdata-hongkong.com .inventorofantivirus.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.gdatasoftware.com/blog/cyrat-ransomware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 02 Sep 2020 14:39:29 GMT
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 30321
X-Xss-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Tue, 01 Sep 2020 08:01:13 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN
Etag: "5f4dffc9-7671"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/png
Cache-Control: max-age=3628800
Content-Security-Policy: frame-ancestors 'self' *.gdata.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata-advancedanalytics.com *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com;
Accept-Ranges: bytes
Expires: Wed, 14 Oct 2020 14:39:29 GMT

GET
H/1.1 200
OK cryrat_screen.png
www.gdatasoftware.com/fileadmin/user_upload/Presse/Deutschland/2020/09/ 17 KB
18 KB 96ms
46ms Image
image/png 212.23.151.164
TMR

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gdatasoftware.com/fileadmin/user_upload/Presse/Deutschland/2020/09/cryrat_screen.png

Requested by

Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/blog/cyrat-ransomware

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

212.23.151.164 Bochum, Germany, ASN12329 (TMR, DE),

Reverse DNS

Software

nginx /

Resource Hash

e37366d1e0c90d8c0fd6653a3afd9fd46d96cfe5359ad4a3d5a760495189c393

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .gdata.de .gdata.ch .gdata.fr .gdata.at .gdata.nl .gdata.it .gdata.be .gdata.es .gdata.pt .gdatasoftware.co.uk .gdatasoftware.com .gdata-software.com .gdata-advancedanalytics.de .gdata-advancedanalytics.com .gdata.co.jp .gdata-china.com .gdata-hongkong.com .inventorofantivirus.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.gdatasoftware.com/blog/cyrat-ransomware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 02 Sep 2020 14:39:29 GMT
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 17615
X-Xss-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Tue, 01 Sep 2020 08:01:12 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN
Etag: "5f4dffc8-44cf"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/png
Cache-Control: max-age=3628800
Content-Security-Policy: frame-ancestors 'self' *.gdata.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata-advancedanalytics.com *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com;
Accept-Ranges: bytes
Expires: Wed, 14 Oct 2020 14:39:29 GMT

GET
H/1.1 200
OK ransomware_attack_worried_businessman_by_andrey_popov_gettyimages-1199291222_cso_2400x1600-100840844-large_9c24b9cd5d.jpg
www.gdatasoftware.com/fileadmin/_processed_/c/a/ 60 KB
61 KB 137ms
60ms Image
image/jpeg 212.23.151.164
TMR

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gdatasoftware.com/fileadmin/_processed_/c/a/ransomware_attack_worried_businessman_by_andrey_popov_gettyimages-1199291222_cso_2400x1600-100840844-large_9c24b9cd5d.jpg

Requested by

Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/blog/cyrat-ransomware

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

212.23.151.164 Bochum, Germany, ASN12329 (TMR, DE),

Reverse DNS

Software

nginx /

Resource Hash

93572341956c02217a72dc75c6d4478d04031a259f0aa982936a9c6b58e97cd5

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .gdata.de .gdata.ch .gdata.fr .gdata.at .gdata.nl .gdata.it .gdata.be .gdata.es .gdata.pt .gdatasoftware.co.uk .gdatasoftware.com .gdata-software.com .gdata-advancedanalytics.de .gdata-advancedanalytics.com .gdata.co.jp .gdata-china.com .gdata-hongkong.com .inventorofantivirus.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.gdatasoftware.com/blog/cyrat-ransomware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 02 Sep 2020 14:39:29 GMT
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 61346
X-Xss-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Tue, 01 Sep 2020 08:02:50 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN
Etag: "5f4e002a-efa2"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/jpeg
Cache-Control: max-age=3628800
Content-Security-Policy: frame-ancestors 'self' *.gdata.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata-advancedanalytics.com *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com;
Accept-Ranges: bytes
Expires: Wed, 14 Oct 2020 14:39:29 GMT

GET
H/1.1 200
OK cyrat_ransomnote_e4a1a7d48f.png
www.gdatasoftware.com/fileadmin/_processed_/e/3/ 107 KB
108 KB 97ms
60ms Image
image/png 212.23.151.164
TMR

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gdatasoftware.com/fileadmin/_processed_/e/3/cyrat_ransomnote_e4a1a7d48f.png

Requested by

Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/blog/cyrat-ransomware

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

212.23.151.164 Bochum, Germany, ASN12329 (TMR, DE),

Reverse DNS

Software

nginx /

Resource Hash

e5923b798e060bca27d8590469b7302237f41ff6481679108a364c36d266b558

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .gdata.de .gdata.ch .gdata.fr .gdata.at .gdata.nl .gdata.it .gdata.be .gdata.es .gdata.pt .gdatasoftware.co.uk .gdatasoftware.com .gdata-software.com .gdata-advancedanalytics.de .gdata-advancedanalytics.com .gdata.co.jp .gdata-china.com .gdata-hongkong.com .inventorofantivirus.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.gdatasoftware.com/blog/cyrat-ransomware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 02 Sep 2020 14:39:29 GMT
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 109298
X-Xss-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Tue, 01 Sep 2020 08:02:50 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN
Etag: "5f4e002a-1aaf2"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/png
Cache-Control: max-age=3628800
Content-Security-Policy: frame-ancestors 'self' *.gdata.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata-advancedanalytics.com *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com;
Accept-Ranges: bytes
Expires: Wed, 14 Oct 2020 14:39:29 GMT

GET
H/1.1 200
OK cryrat_linux.png
www.gdatasoftware.com/fileadmin/user_upload/Presse/Deutschland/2020/09/ 7 KB
8 KB 93ms
45ms Image
image/png 212.23.151.164
TMR

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gdatasoftware.com/fileadmin/user_upload/Presse/Deutschland/2020/09/cryrat_linux.png

Requested by

Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/blog/cyrat-ransomware

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

212.23.151.164 Bochum, Germany, ASN12329 (TMR, DE),

Reverse DNS

Software

nginx /

Resource Hash

59c98d74e18d497ae8beba3deabf9b09fab8e77f64152cf2d2eeeae17451c8c5

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .gdata.de .gdata.ch .gdata.fr .gdata.at .gdata.nl .gdata.it .gdata.be .gdata.es .gdata.pt .gdatasoftware.co.uk .gdatasoftware.com .gdata-software.com .gdata-advancedanalytics.de .gdata-advancedanalytics.com .gdata.co.jp .gdata-china.com .gdata-hongkong.com .inventorofantivirus.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.gdatasoftware.com/blog/cyrat-ransomware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 02 Sep 2020 14:39:29 GMT
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 7228
X-Xss-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Tue, 01 Sep 2020 08:01:16 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN
Etag: "5f4dffcc-1c3c"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/png
Cache-Control: max-age=3628800
Content-Security-Policy: frame-ancestors 'self' *.gdata.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata-advancedanalytics.com *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com;
Accept-Ranges: bytes
Expires: Wed, 14 Oct 2020 14:39:29 GMT

GET
H/1.1 200
OK hahn_karsten_7c2341c8d2.jpg
www.gdatasoftware.com/fileadmin/_processed_/0/d/ 4 KB
5 KB 46ms
38ms Image
image/jpeg 212.23.151.164
TMR

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gdatasoftware.com/fileadmin/_processed_/0/d/hahn_karsten_7c2341c8d2.jpg

Requested by

Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/blog/cyrat-ransomware

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

212.23.151.164 Bochum, Germany, ASN12329 (TMR, DE),

Reverse DNS

Software

nginx /

Resource Hash

ed6adae660bb866303826f11fbd012548ad51f7373d4060ebb3d695b9e5df2db

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .gdata.de .gdata.ch .gdata.fr .gdata.at .gdata.nl .gdata.it .gdata.be .gdata.es .gdata.pt .gdatasoftware.co.uk .gdatasoftware.com .gdata-software.com .gdata-advancedanalytics.de .gdata-advancedanalytics.com .gdata.co.jp .gdata-china.com .gdata-hongkong.com .inventorofantivirus.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.gdatasoftware.com/blog/cyrat-ransomware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 02 Sep 2020 14:39:29 GMT
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 3981
X-Xss-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Fri, 19 Jun 2020 09:30:32 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN
Etag: "5eec85b8-f8d"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/jpeg
Cache-Control: max-age=3628800
Content-Security-Policy: frame-ancestors 'self' *.gdata.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata-advancedanalytics.com *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com;
Accept-Ranges: bytes
Expires: Wed, 14 Oct 2020 14:39:29 GMT

GET
H/1.1 200
OK G_DATA_Blog_USB_Single_Preview_360eeca1eb.jpg
www.gdatasoftware.com/fileadmin/_processed_/3/2/ 3 KB
4 KB 38ms
38ms Image
image/jpeg 212.23.151.164
TMR

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gdatasoftware.com/fileadmin/_processed_/3/2/G_DATA_Blog_USB_Single_Preview_360eeca1eb.jpg

Requested by

Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/blog/cyrat-ransomware

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

212.23.151.164 Bochum, Germany, ASN12329 (TMR, DE),

Reverse DNS

Software

nginx /

Resource Hash

86431d4e10f0dec2493aaa60f76193fc1804795705e58c3fb97c4a90d78d6980

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .gdata.de .gdata.ch .gdata.fr .gdata.at .gdata.nl .gdata.it .gdata.be .gdata.es .gdata.pt .gdatasoftware.co.uk .gdatasoftware.com .gdata-software.com .gdata-advancedanalytics.de .gdata-advancedanalytics.com .gdata.co.jp .gdata-china.com .gdata-hongkong.com .inventorofantivirus.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.gdatasoftware.com/blog/cyrat-ransomware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 02 Sep 2020 14:39:29 GMT
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 3321
X-Xss-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Tue, 01 Sep 2020 08:36:11 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN
Etag: "5f4e07fb-cf9"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/jpeg
Cache-Control: max-age=3628800
Content-Security-Policy: frame-ancestors 'self' *.gdata.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata-advancedanalytics.com *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com;
Accept-Ranges: bytes
Expires: Wed, 14 Oct 2020 14:39:29 GMT

GET
H/1.1 200
OK G_DATA_Blog_Zeppelin_Buran_Preview_d5267212c0.jpg
www.gdatasoftware.com/fileadmin/_processed_/8/7/ 5 KB
6 KB 38ms
38ms Image
image/jpeg 212.23.151.164
TMR

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gdatasoftware.com/fileadmin/_processed_/8/7/G_DATA_Blog_Zeppelin_Buran_Preview_d5267212c0.jpg

Requested by

Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/blog/cyrat-ransomware

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

212.23.151.164 Bochum, Germany, ASN12329 (TMR, DE),

Reverse DNS

Software

nginx /

Resource Hash

d3d3457d66278e95e3a9c4427a3454a3d8b0d92be191fd38abe765255d633243

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .gdata.de .gdata.ch .gdata.fr .gdata.at .gdata.nl .gdata.it .gdata.be .gdata.es .gdata.pt .gdatasoftware.co.uk .gdatasoftware.com .gdata-software.com .gdata-advancedanalytics.de .gdata-advancedanalytics.com .gdata.co.jp .gdata-china.com .gdata-hongkong.com .inventorofantivirus.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.gdatasoftware.com/blog/cyrat-ransomware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 02 Sep 2020 14:39:29 GMT
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 4835
X-Xss-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Tue, 01 Sep 2020 08:36:11 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN
Etag: "5f4e07fb-12e3"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/jpeg
Cache-Control: max-age=3628800
Content-Security-Policy: frame-ancestors 'self' *.gdata.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata-advancedanalytics.com *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com;
Accept-Ranges: bytes
Expires: Wed, 14 Oct 2020 14:39:29 GMT

GET
H/1.1 200
OK G_DATA_Blog_RansomwareClass_Preview_c0d7c09e85.jpg
www.gdatasoftware.com/fileadmin/_processed_/c/3/ 6 KB
7 KB 40ms
39ms Image
image/jpeg 212.23.151.164
TMR

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gdatasoftware.com/fileadmin/_processed_/c/3/G_DATA_Blog_RansomwareClass_Preview_c0d7c09e85.jpg

Requested by

Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/blog/cyrat-ransomware

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

212.23.151.164 Bochum, Germany, ASN12329 (TMR, DE),

Reverse DNS

Software

nginx /

Resource Hash

67a7dd18b1177b92f8af0675bd8ff61289def30b7b411f68aef1ff9e7901ca76

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .gdata.de .gdata.ch .gdata.fr .gdata.at .gdata.nl .gdata.it .gdata.be .gdata.es .gdata.pt .gdatasoftware.co.uk .gdatasoftware.com .gdata-software.com .gdata-advancedanalytics.de .gdata-advancedanalytics.com .gdata.co.jp .gdata-china.com .gdata-hongkong.com .inventorofantivirus.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.gdatasoftware.com/blog/cyrat-ransomware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 02 Sep 2020 14:39:29 GMT
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 6635
X-Xss-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Fri, 19 Jun 2020 09:34:25 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN
Etag: "5eec86a1-19eb"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/jpeg
Cache-Control: max-age=3628800
Content-Security-Policy: frame-ancestors 'self' *.gdata.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata-advancedanalytics.com *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com;
Accept-Ranges: bytes
Expires: Wed, 14 Oct 2020 14:39:29 GMT

GET
H/1.1 200
OK logo_claim_2016_white.png
www.gdatasoftware.com/typo3conf/ext/gd_sites/Resources/Public/Images/ 4 KB
5 KB 45ms
45ms Image
image/png 212.23.151.164
TMR

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gdatasoftware.com/typo3conf/ext/gd_sites/Resources/Public/Images/logo_claim_2016_white.png

Requested by

Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/blog/cyrat-ransomware

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

212.23.151.164 Bochum, Germany, ASN12329 (TMR, DE),

Reverse DNS

Software

nginx /

Resource Hash

7c657d342491cefb26c956267727635a22e3e85fb12dd8f525e811ec000e658f

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .gdata.de .gdata.ch .gdata.fr .gdata.at .gdata.nl .gdata.it .gdata.be .gdata.es .gdata.pt .gdatasoftware.co.uk .gdatasoftware.com .gdata-software.com .gdata-advancedanalytics.de .gdata-advancedanalytics.com .gdata.co.jp .gdata-china.com .gdata-hongkong.com .inventorofantivirus.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.gdatasoftware.com/blog/cyrat-ransomware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 02 Sep 2020 14:39:29 GMT
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 3871
X-Xss-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Fri, 28 Aug 2020 07:54:45 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN
Etag: "5f48b845-f1f"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/png
Cache-Control: max-age=3628800
Content-Security-Policy: frame-ancestors 'self' *.gdata.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata-advancedanalytics.com *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com;
Accept-Ranges: bytes
Expires: Wed, 14 Oct 2020 14:39:29 GMT

GET
H/1.1 200
OK vhs-assets-72fbd3c3fac64cddf69a69a19bc35c07.js Show response
www.gdatasoftware.com/typo3temp/assets/ 260 KB
80 KB 102ms
90ms Script
application/javascript 212.23.151.164
TMR

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gdatasoftware.com/typo3temp/assets/vhs-assets-72fbd3c3fac64cddf69a69a19bc35c07.js?1598967504

Requested by

Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/blog/cyrat-ransomware

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

212.23.151.164 Bochum, Germany, ASN12329 (TMR, DE),

Reverse DNS

Software

nginx /

Resource Hash

d0551ebf246bbbb916a5c5085c36ac4de3001ccd4ebbfa3603db310938b0a25a

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .gdata.de .gdata.ch .gdata.fr .gdata.at .gdata.nl .gdata.it .gdata.be .gdata.es .gdata.pt .gdatasoftware.co.uk .gdatasoftware.com .gdata-software.com .gdata-advancedanalytics.de .gdata-advancedanalytics.com .gdata.co.jp .gdata-china.com .gdata-hongkong.com .inventorofantivirus.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.gdatasoftware.com/blog/cyrat-ransomware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 02 Sep 2020 14:39:29 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Transfer-Encoding: chunked
Connection: keep-alive
X-Xss-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Tue, 01 Sep 2020 13:38:24 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN
Etag: W/"5f4e4ed0-4111d"
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: application/javascript
Cache-Control: max-age=43200
Content-Security-Policy: frame-ancestors 'self' *.gdata.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata-advancedanalytics.com *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com;
Expires: Thu, 03 Sep 2020 02:39:29 GMT

GET
H/1.1 200
OK G_DATA_Blog_Cyrat_Header.jpg
www.gdatasoftware.com/fileadmin/web/general/images/blog/2020/09_2020/ 182 KB
183 KB 46ms
40ms Image
image/jpeg 212.23.151.164
TMR

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gdatasoftware.com/fileadmin/web/general/images/blog/2020/09_2020/G_DATA_Blog_Cyrat_Header.jpg

Requested by

Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/blog/cyrat-ransomware

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

212.23.151.164 Bochum, Germany, ASN12329 (TMR, DE),

Reverse DNS

Software

nginx /

Resource Hash

2dc6ab07f1d6e79cff9b306b9c391b7ffbf9a94aa1fe574e289861e8fd795abd

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .gdata.de .gdata.ch .gdata.fr .gdata.at .gdata.nl .gdata.it .gdata.be .gdata.es .gdata.pt .gdatasoftware.co.uk .gdatasoftware.com .gdata-software.com .gdata-advancedanalytics.de .gdata-advancedanalytics.com .gdata.co.jp .gdata-china.com .gdata-hongkong.com .inventorofantivirus.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.gdatasoftware.com/blog/cyrat-ransomware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 02 Sep 2020 14:39:29 GMT
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 186045
X-Xss-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Tue, 01 Sep 2020 08:01:19 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN
Etag: "5f4dffcf-2d6bd"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/jpeg
Cache-Control: max-age=3628800
Content-Security-Policy: frame-ancestors 'self' *.gdata.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata-advancedanalytics.com *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com;
Accept-Ranges: bytes
Expires: Wed, 14 Oct 2020 14:39:29 GMT

GET
H/1.1 200
OK source-sans-pro-v13-latin-ext_latin-regular.woff2
file.gdatasoftware.com/s/font/source-sans-pro/ 25 KB
25 KB 142ms
35ms Font
application/octet-stream 85.25.214.189
GD-EMEA-DC-SXB1

General

Check archive.org

Show headers Download Go to

Full URL: https://file.gdatasoftware.com/s/font/source-sans-pro/source-sans-pro-v13-latin-ext_latin-regular.woff2
Requested by: Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/typo3temp/assets/vhs-assets-5b9de08ed4381d6d419362e5ce725858.css?1598967504
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 85.25.214.189 , Germany, ASN8972 (GD-EMEA-DC-SXB1, DE),
Reverse DNS
Software: nginx /
Resource Hash: 72e086ecb5eed26e489b633ce3a7a85522747d8583852bf8756e290fec0f3d3b

Request headers

Origin: https://www.gdatasoftware.com
Referer: https://www.gdatasoftware.com/typo3temp/assets/vhs-assets-5b9de08ed4381d6d419362e5ce725858.css?1598967504
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 02 Sep 2020 14:39:30 GMT
Last-Modified: Fri, 02 Aug 2019 05:16:52 GMT
Server: nginx
ETag: "5d43c744-6438"
Content-Type: application/octet-stream
Access-Control-Allow-Origin: *
Cache-Control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 25656
Expires: Wed, 09 Sep 2020 14:39:30 GMT

GET
H/1.1 200
OK gcon1-988.woff2
www.gdatasoftware.com/typo3conf/ext/gd_sites/Resources/Public/Styles/font/ 48 KB
48 KB 59ms
43ms Font
application/octet-stream 212.23.151.164
TMR

General

Check archive.org

Show headers Download Go to

Full URL: https://www.gdatasoftware.com/typo3conf/ext/gd_sites/Resources/Public/Styles/font/gcon1-988.woff2?waerhgm
Requested by: Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/typo3temp/assets/vhs-assets-5b9de08ed4381d6d419362e5ce725858.css?1598967504
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 212.23.151.164 Bochum, Germany, ASN12329 (TMR, DE),
Reverse DNS
Software: nginx /
Resource Hash: ab12a263ae21799ecbd4a660abbbff3747f762433026fb4997df8bd8cebf941f

Request headers

Origin: https://www.gdatasoftware.com
Referer: https://www.gdatasoftware.com/typo3temp/assets/vhs-assets-5b9de08ed4381d6d419362e5ce725858.css?1598967504
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 02 Sep 2020 14:39:29 GMT
Last-Modified: Mon, 31 Aug 2020 14:44:11 GMT
Server: nginx
Etag: "5f4d0cbb-c0b0"
Content-Type: application/octet-stream
Access-Control-Allow-Origin: https://www.gdatasoftware.com
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 49328

GET
H/1.1 200
OK source-sans-pro-v13-latin-ext_latin-300.woff2
file.gdatasoftware.com/s/font/source-sans-pro/ 25 KB
25 KB 147ms
36ms Font
application/octet-stream 85.25.214.189
GD-EMEA-DC-SXB1

General

Check archive.org

Show headers Download Go to

Full URL: https://file.gdatasoftware.com/s/font/source-sans-pro/source-sans-pro-v13-latin-ext_latin-300.woff2
Requested by: Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/typo3temp/assets/vhs-assets-5b9de08ed4381d6d419362e5ce725858.css?1598967504
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 85.25.214.189 , Germany, ASN8972 (GD-EMEA-DC-SXB1, DE),
Reverse DNS
Software: nginx /
Resource Hash: 9d20a8fc1de189bad815a78bd3a36550412788bc1d8e6f2d7eba6bb18bc901a2

Request headers

Origin: https://www.gdatasoftware.com
Referer: https://www.gdatasoftware.com/typo3temp/assets/vhs-assets-5b9de08ed4381d6d419362e5ce725858.css?1598967504
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 02 Sep 2020 14:39:30 GMT
Last-Modified: Fri, 02 Aug 2019 05:16:52 GMT
Server: nginx
ETag: "5d43c744-6474"
Content-Type: application/octet-stream
Access-Control-Allow-Origin: *
Cache-Control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 25716
Expires: Wed, 09 Sep 2020 14:39:30 GMT

GET
H/1.1 200
OK source-sans-pro-v13-latin-ext_latin-600.woff2
file.gdatasoftware.com/s/font/source-sans-pro/ 25 KB
25 KB 149ms
36ms Font
application/octet-stream 85.25.214.189
GD-EMEA-DC-SXB1

General

Check archive.org

Show headers Download Go to

Full URL: https://file.gdatasoftware.com/s/font/source-sans-pro/source-sans-pro-v13-latin-ext_latin-600.woff2
Requested by: Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/typo3temp/assets/vhs-assets-5b9de08ed4381d6d419362e5ce725858.css?1598967504
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 85.25.214.189 , Germany, ASN8972 (GD-EMEA-DC-SXB1, DE),
Reverse DNS
Software: nginx /
Resource Hash: 5b7ade4116e14b315421eb6e4eeabbf1a1c7301a575ee1311fb1659eaaecd6f4

Request headers

Origin: https://www.gdatasoftware.com
Referer: https://www.gdatasoftware.com/typo3temp/assets/vhs-assets-5b9de08ed4381d6d419362e5ce725858.css?1598967504
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 02 Sep 2020 14:39:30 GMT
Last-Modified: Fri, 02 Aug 2019 05:16:52 GMT
Server: nginx
ETag: "5d43c744-63b0"
Content-Type: application/octet-stream
Access-Control-Allow-Origin: *
Cache-Control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 25520
Expires: Wed, 09 Sep 2020 14:39:30 GMT

Verdicts & Comments Add Verdict or Comment

26 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	frame-ancestors 'self' .gdata.de .gdata.ch .gdata.fr .gdata.at .gdata.nl .gdata.it .gdata.be .gdata.es .gdata.pt .gdatasoftware.co.uk .gdatasoftware.com .gdata-software.com .gdata-advancedanalytics.de .gdata-advancedanalytics.com .gdata.co.jp .gdata-china.com .gdata-hongkong.com .inventorofantivirus.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

file.gdatasoftware.com
www.gdatasoftware.com
212.23.151.164
85.25.214.189
19d66a51d12c87c2c254f61d3dc66f4765bc852b03138e4b38ed5fbc3dd01d19
211965735fd707f91c38ac8508801e7fd74a7b54662282fdf6b76aedcebeed40
2293cdfd1a7ce9581fff01e4d8e62cb6a08947221d765c7a6e6a632537166bfd
2dc6ab07f1d6e79cff9b306b9c391b7ffbf9a94aa1fe574e289861e8fd795abd
31b756baa153afb74c47c789fce3137d48b664be8256c7439bbada18db3ed55a
3af86a7f82ecef59c48a52819de5952758bcf41730bc06d1befbf92d513f228a
59c98d74e18d497ae8beba3deabf9b09fab8e77f64152cf2d2eeeae17451c8c5
5b7ade4116e14b315421eb6e4eeabbf1a1c7301a575ee1311fb1659eaaecd6f4
67a7dd18b1177b92f8af0675bd8ff61289def30b7b411f68aef1ff9e7901ca76
72e086ecb5eed26e489b633ce3a7a85522747d8583852bf8756e290fec0f3d3b
7c657d342491cefb26c956267727635a22e3e85fb12dd8f525e811ec000e658f
86431d4e10f0dec2493aaa60f76193fc1804795705e58c3fb97c4a90d78d6980
93572341956c02217a72dc75c6d4478d04031a259f0aa982936a9c6b58e97cd5
98f509762045ac4c774e98d82b28131e47987de8b74f24015fbefaeff7122f01
9d20a8fc1de189bad815a78bd3a36550412788bc1d8e6f2d7eba6bb18bc901a2
ab12a263ae21799ecbd4a660abbbff3747f762433026fb4997df8bd8cebf941f
d0551ebf246bbbb916a5c5085c36ac4de3001ccd4ebbfa3603db310938b0a25a
d3d3457d66278e95e3a9c4427a3454a3d8b0d92be191fd38abe765255d633243
e37366d1e0c90d8c0fd6653a3afd9fd46d96cfe5359ad4a3d5a760495189c393
e5923b798e060bca27d8590469b7302237f41ff6481679108a364c36d266b558
ed6adae660bb866303826f11fbd012548ad51f7373d4060ebb3d695b9e5df2db

www.gdatasoftware.com Open in urlscan Pro 212.23.151.164 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

21 Requests

100 %HTTPS

0 %IPv6

1 Domains

2 Subdomains

2 IPs

1 Countries

729 kBTransfer

1134 kBSize

0 Cookies

19 Outgoing links

Redirected requests

21 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

26 JavaScript Global Variables

0 Cookies

Security Headers

Indicators

www.gdatasoftware.com Open in urlscan Pro
212.23.151.164 Public Scan

Screenshot
Live screenshot

Full Image

21
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

2
Subdomains

2
IPs

1
Countries

729 kB
Transfer

1134 kB
Size

0
Cookies

21 HTTP transactions
0 data transactions