www.gdatasoftware.com Open in urlscan Pro
212.23.151.164 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.gdatasoftware.com/blog/2020/11/36459-babax-stealer-rebrands-to-osno-installs-rootkit
Submission: On November 05 via manual (November 5th 2020, 5:42:56 pm UTC) from CR

Summary HTTP 19 Redirects Links 17 Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 1 domains to perform 19 HTTP transactions. The main IP is 212.23.151.164, located in Bochum, Germany and belongs to TMR, DE. The main domain is www.gdatasoftware.com.
TLS certificate: Issued by Sectigo RSA Organization Validation S... on May 19th 2020. Valid for: 2 years.

This is the only time www.gdatasoftware.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
16	212.23.151.164 212.23.151.164	12329 (TMR) (TMR)
3	85.25.214.189 85.25.214.189	8972 (GD-EMEA-D...) (GD-EMEA-DC-SXB1)
19	2

16 212.23.151.164 (Bochum, Germany)

ASN12329 (TMR, DE)

www.gdatasoftware.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 85.25.214.189 (Germany)

ASN8972 (GD-EMEA-DC-SXB1, DE)

file.gdatasoftware.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
19	gdatasoftware.com www.gdatasoftware.com file.gdatasoftware.com	2 MB
19	1

	Domain	Requested by
16	www.gdatasoftware.com	www.gdatasoftware.com
3	file.gdatasoftware.com	www.gdatasoftware.com
19	2

This site contains links to these domains. Also see Links.

Domain
www.gdata.de
feeds.feedblitz.com
twitter.com
github.com
en.wikipedia.org
www.bleepingcomputer.com
www.xing.com
www.linkedin.com
www.facebook.com
reddit.com
www.youtube.com

Subject Issuer	Validity	Valid
*.gdatasoftware.com Sectigo RSA Organization Validation Secure Server CA	`2020-05-19` - `2022-08-17`	2 years	crt.sh

This page contains 1 frames:

Primary Page: https://www.gdatasoftware.com/blog/2020/11/36459-babax-stealer-rebrands-to-osno-installs-rootkit
Frame ID: 9CC6D3A82B992AE7EFB4DC5FCBDE952D
Requests: 19 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Page Statistics

19
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

2
Subdomains

2
IPs

1
Countries

2084 kB
Transfer

2491 kB
Size

0
Cookies

17 Outgoing links

These are links going to different origins than the main page.

URL: https://www.gdata.de/blog
Title:

Search URL Search Domain Scan URL

URL: https://feeds.feedblitz.com/GDataSecurityBlog-EN&x=1
Title:

Search URL Search Domain Scan URL

URL: https://twitter.com/backsla3h
Title: @backsla3h

Search URL Search Domain Scan URL

URL: https://twitter.com/backsla3h/status/1321246484617175042
Title: sold on forums

Search URL Search Domain Scan URL

URL: https://github.com/bytecode77/r77-rootkit
Title: open source rootkit

Search URL Search Domain Scan URL

URL: https://github.com/anthemtotheego/SharpExec
Title: SharpExec

Search URL Search Domain Scan URL

URL: https://en.wikipedia.org/wiki/XXTEA
Title: XXTEA

Search URL Search Domain Scan URL

URL: https://www.bleepingcomputer.com/news/security/discord-client-turned-into-a-password-stealer-by-updated-malware/
Title: An article by Bleepingcomputer

Search URL Search Domain Scan URL

URL: https://twitter.com/backsla3h/status/1321498443974471680
Title: @backsla3h pointed out

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?text=Babax%20stealer%20rebrands%20to%20Osno%2C%20installs%20rootkit%20%7C%20G%20DATA&url=https%3A%2F%2Fwww.gdatasoftware.com%2Fblog%2F2020%2F11%2F36459-babax-stealer-rebrands-to-osno-installs-rootkit&via=GDATA
Title: tweet

Search URL Search Domain Scan URL

URL: https://www.xing.com/social_plugins/share?url=https%3A%2F%2Fwww.gdatasoftware.com%2Fblog%2F2020%2F11%2F36459-babax-stealer-rebrands-to-osno-installs-rootkit
Title: share

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/shareArticle?mini=true&summary=Babax%20not%20only%20changes%20its%20name%20but%20also%20adds%20a%20Ring%203%20rootkit%20and%20lateral%20spreading%20and%20a%20ransomware%20component%20called%20OsnoLocker.&title=Babax%20stealer%20rebrands%20to%20Osno%2C%20installs%20rootkit%20%7C%20G%20DATA&url=https%3A%2F%2Fwww.gdatasoftware.com%2Fblog%2F2020%2F11%2F36459-babax-stealer-rebrands-to-osno-installs-rootkit
Title: share

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww.gdatasoftware.com%2Fblog%2F2020%2F11%2F36459-babax-stealer-rebrands-to-osno-installs-rootkit
Title: share

Search URL Search Domain Scan URL

URL: https://reddit.com/submit?url=https%3A%2F%2Fwww.gdatasoftware.com%2Fblog%2F2020%2F11%2F36459-babax-stealer-rebrands-to-osno-installs-rootkit&title=Babax%20stealer%20rebrands%20to%20Osno%2C%20installs%20rootkit%20%7C%20G%20DATA
Title: share

Search URL Search Domain Scan URL

URL: https://www.facebook.com/gdatasoftwareag

Search URL Search Domain Scan URL

URL: https://twitter.com/GDATA

Search URL Search Domain Scan URL

URL: https://www.youtube.com/user/GDataSoftwareAG

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

19 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request 36459-babax-stealer-rebrands-to-osno-installs-rootkit Show response
www.gdatasoftware.com/blog/2020/11/ 34 KB
12 KB 98ms
27ms Document
text/html 212.23.151.164
TMR

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gdatasoftware.com/blog/2020/11/36459-babax-stealer-rebrands-to-osno-installs-rootkit

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

212.23.151.164 Bochum, Germany, ASN12329 (TMR, DE),

Reverse DNS

Software

nginx /

Resource Hash

6947f324559487c302f64de73640dca76f34ef2210f4069254af756dbc3605a1

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .gdata.de .gdata.ch .gdata.fr .gdata.at .gdata.nl .gdata.it .gdata.be .gdata.es .gdata.pt .gdatasoftware.co.uk .gdatasoftware.com .gdata-software.com .gdata-advancedanalytics.de .gdata-advancedanalytics.com .gdata.co.jp .gdata-china.com .gdata-hongkong.com .inventorofantivirus.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Host: www.gdatasoftware.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Server: nginx
Date: Thu, 05 Nov 2020 17:42:37 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age: 43200
Content-Encoding: gzip
Content-Language: en
Etag: W/"6ceec3e089294e11b4a48cdcbb2afc5f"
Expires: Wed, 18 Nov 2020 23:00:00 GMT
Pragma: public
GD_COUNTRY_CODE: GB
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: frame-ancestors 'self' *.gdata.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata-advancedanalytics.com *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com;
X-Xss-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer-when-downgrade

GET
H/1.1 200
OK vhs-assets-5b9de08ed4381d6d419362e5ce725858.css
www.gdatasoftware.com/typo3temp/assets/ 180 KB
34 KB 48ms
47ms Stylesheet
text/css 212.23.151.164
TMR

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gdatasoftware.com/typo3temp/assets/vhs-assets-5b9de08ed4381d6d419362e5ce725858.css?1604492801

Requested by

Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/blog/2020/11/36459-babax-stealer-rebrands-to-osno-installs-rootkit

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

212.23.151.164 Bochum, Germany, ASN12329 (TMR, DE),

Reverse DNS

Software

nginx /

Resource Hash

9fa6010d0cbc460c5fe9fb3b99adfde3f1b6b8418474dad9aad6afd0ad1c0085

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .gdata.de .gdata.ch .gdata.fr .gdata.at .gdata.nl .gdata.it .gdata.be .gdata.es .gdata.pt .gdatasoftware.co.uk .gdatasoftware.com .gdata-software.com .gdata-advancedanalytics.de .gdata-advancedanalytics.com .gdata.co.jp .gdata-china.com .gdata-hongkong.com .inventorofantivirus.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.gdatasoftware.com/blog/2020/11/36459-babax-stealer-rebrands-to-osno-installs-rootkit
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Thu, 05 Nov 2020 17:42:37 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Transfer-Encoding: chunked
Connection: keep-alive
X-Xss-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Wed, 04 Nov 2020 12:26:41 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN
Etag: W/"5fa29e01-2cfad"
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: text/css
Cache-Control: max-age=43200
Content-Security-Policy: frame-ancestors 'self' *.gdata.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata-advancedanalytics.com *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com;
Expires: Fri, 06 Nov 2020 05:42:37 GMT

GET
H/1.1 200
OK vhs-assets-1b134abf3ac2eb960301b83b9d6c2ff4.js Show response
www.gdatasoftware.com/typo3temp/assets/ 109 KB
39 KB 106ms
59ms Script
application/javascript 212.23.151.164
TMR

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gdatasoftware.com/typo3temp/assets/vhs-assets-1b134abf3ac2eb960301b83b9d6c2ff4.js?1604584610

Requested by

Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/blog/2020/11/36459-babax-stealer-rebrands-to-osno-installs-rootkit

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

212.23.151.164 Bochum, Germany, ASN12329 (TMR, DE),

Reverse DNS

Software

nginx /

Resource Hash

d8943a697b9c2a188d99c20145b16849ec3e2feac56c4771980cc92bcca72d85

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .gdata.de .gdata.ch .gdata.fr .gdata.at .gdata.nl .gdata.it .gdata.be .gdata.es .gdata.pt .gdatasoftware.co.uk .gdatasoftware.com .gdata-software.com .gdata-advancedanalytics.de .gdata-advancedanalytics.com .gdata.co.jp .gdata-china.com .gdata-hongkong.com .inventorofantivirus.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.gdatasoftware.com/blog/2020/11/36459-babax-stealer-rebrands-to-osno-installs-rootkit
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Thu, 05 Nov 2020 17:42:37 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Transfer-Encoding: chunked
Connection: keep-alive
X-Xss-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Thu, 05 Nov 2020 17:39:51 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN
Etag: W/"5fa438e7-1b407"
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: application/javascript
Cache-Control: max-age=43200
Content-Security-Policy: frame-ancestors 'self' *.gdata.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata-advancedanalytics.com *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com;
Expires: Fri, 06 Nov 2020 05:42:37 GMT

GET
H/1.1 200
OK logo_claim_white.png
www.gdatasoftware.com/typo3conf/ext/gd_sites/Resources/Public/Images/ 3 KB
3 KB 22ms
22ms Image
image/png 212.23.151.164
TMR

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gdatasoftware.com/typo3conf/ext/gd_sites/Resources/Public/Images/logo_claim_white.png

Requested by

Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/blog/2020/11/36459-babax-stealer-rebrands-to-osno-installs-rootkit

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

212.23.151.164 Bochum, Germany, ASN12329 (TMR, DE),

Reverse DNS

Software

nginx /

Resource Hash

211965735fd707f91c38ac8508801e7fd74a7b54662282fdf6b76aedcebeed40

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .gdata.de .gdata.ch .gdata.fr .gdata.at .gdata.nl .gdata.it .gdata.be .gdata.es .gdata.pt .gdatasoftware.co.uk .gdatasoftware.com .gdata-software.com .gdata-advancedanalytics.de .gdata-advancedanalytics.com .gdata.co.jp .gdata-china.com .gdata-hongkong.com .inventorofantivirus.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.gdatasoftware.com/blog/2020/11/36459-babax-stealer-rebrands-to-osno-installs-rootkit
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Thu, 05 Nov 2020 17:42:37 GMT
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 2583
X-Xss-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Fri, 23 Oct 2020 13:54:00 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN
Etag: "5f92e078-a17"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/png
Cache-Control: max-age=3628800
Content-Security-Policy: frame-ancestors 'self' *.gdata.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata-advancedanalytics.com *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com;
Accept-Ranges: bytes
Expires: Thu, 17 Dec 2020 17:42:37 GMT

GET
H/1.1 200
OK DE.svg
www.gdatasoftware.com/typo3conf/ext/gd_sites/Resources/Public/Images/Flags/ 966 B
1 KB 25ms
23ms Image
image/svg+xml 212.23.151.164
TMR

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gdatasoftware.com/typo3conf/ext/gd_sites/Resources/Public/Images/Flags/DE.svg

Requested by

Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/blog/2020/11/36459-babax-stealer-rebrands-to-osno-installs-rootkit

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

212.23.151.164 Bochum, Germany, ASN12329 (TMR, DE),

Reverse DNS

Software

nginx /

Resource Hash

19d66a51d12c87c2c254f61d3dc66f4765bc852b03138e4b38ed5fbc3dd01d19

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .gdata.de .gdata.ch .gdata.fr .gdata.at .gdata.nl .gdata.it .gdata.be .gdata.es .gdata.pt .gdatasoftware.co.uk .gdatasoftware.com .gdata-software.com .gdata-advancedanalytics.de .gdata-advancedanalytics.com .gdata.co.jp .gdata-china.com .gdata-hongkong.com .inventorofantivirus.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.gdatasoftware.com/blog/2020/11/36459-babax-stealer-rebrands-to-osno-installs-rootkit
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Thu, 05 Nov 2020 17:42:38 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Transfer-Encoding: chunked
Connection: keep-alive
X-Xss-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Fri, 23 Oct 2020 13:54:00 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN
Etag: W/"5f92e078-3c6"
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/svg+xml
Cache-Control: max-age=3628800
Content-Security-Policy: frame-ancestors 'self' *.gdata.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata-advancedanalytics.com *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com;
Expires: Thu, 17 Dec 2020 17:42:38 GMT

GET
H/1.1 200
OK babax_giveaway_46403035a9.png
www.gdatasoftware.com/fileadmin/_processed_/4/1/ 249 KB
250 KB 28ms
26ms Image
image/png 212.23.151.164
TMR

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gdatasoftware.com/fileadmin/_processed_/4/1/babax_giveaway_46403035a9.png

Requested by

Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/blog/2020/11/36459-babax-stealer-rebrands-to-osno-installs-rootkit

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

212.23.151.164 Bochum, Germany, ASN12329 (TMR, DE),

Reverse DNS

Software

nginx /

Resource Hash

0c0d12955e7c7be4502937afa995b065989d9ef9e0b3166a59995ea572c4bf93

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .gdata.de .gdata.ch .gdata.fr .gdata.at .gdata.nl .gdata.it .gdata.be .gdata.es .gdata.pt .gdatasoftware.co.uk .gdatasoftware.com .gdata-software.com .gdata-advancedanalytics.de .gdata-advancedanalytics.com .gdata.co.jp .gdata-china.com .gdata-hongkong.com .inventorofantivirus.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.gdatasoftware.com/blog/2020/11/36459-babax-stealer-rebrands-to-osno-installs-rootkit
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Thu, 05 Nov 2020 17:42:38 GMT
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 254796
X-Xss-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Thu, 05 Nov 2020 14:01:58 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN
Etag: "5fa405d6-3e34c"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/png
Cache-Control: max-age=3628800
Content-Security-Policy: frame-ancestors 'self' *.gdata.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata-advancedanalytics.com *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com;
Accept-Ranges: bytes
Expires: Thu, 17 Dec 2020 17:42:38 GMT

GET
H/1.1 200
OK babax_advertisment_f13ae7ad45.png
www.gdatasoftware.com/fileadmin/_processed_/8/b/ 293 KB
293 KB 85ms
38ms Image
image/png 212.23.151.164
TMR

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gdatasoftware.com/fileadmin/_processed_/8/b/babax_advertisment_f13ae7ad45.png

Requested by

Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/blog/2020/11/36459-babax-stealer-rebrands-to-osno-installs-rootkit

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

212.23.151.164 Bochum, Germany, ASN12329 (TMR, DE),

Reverse DNS

Software

nginx /

Resource Hash

9f2b51127480efe96c95b26ac1666e4c93cfc2e7c15ca42700413f10ad232959

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .gdata.de .gdata.ch .gdata.fr .gdata.at .gdata.nl .gdata.it .gdata.be .gdata.es .gdata.pt .gdatasoftware.co.uk .gdatasoftware.com .gdata-software.com .gdata-advancedanalytics.de .gdata-advancedanalytics.com .gdata.co.jp .gdata-china.com .gdata-hongkong.com .inventorofantivirus.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.gdatasoftware.com/blog/2020/11/36459-babax-stealer-rebrands-to-osno-installs-rootkit
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Thu, 05 Nov 2020 17:42:38 GMT
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 299522
X-Xss-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Thu, 05 Nov 2020 14:01:59 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN
Etag: "5fa405d7-49202"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/png
Cache-Control: max-age=3628800
Content-Security-Policy: frame-ancestors 'self' *.gdata.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata-advancedanalytics.com *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com;
Accept-Ranges: bytes
Expires: Thu, 17 Dec 2020 17:42:38 GMT

GET
H/1.1 200
OK osno_advertisment_cfbcf33537.png
www.gdatasoftware.com/fileadmin/_processed_/d/0/ 539 KB
540 KB 96ms
45ms Image
image/png 212.23.151.164
TMR

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gdatasoftware.com/fileadmin/_processed_/d/0/osno_advertisment_cfbcf33537.png

Requested by

Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/blog/2020/11/36459-babax-stealer-rebrands-to-osno-installs-rootkit

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

212.23.151.164 Bochum, Germany, ASN12329 (TMR, DE),

Reverse DNS

Software

nginx /

Resource Hash

ba2e195c3f2698789b4695762e78ec6e6d67b42fb6b1d370aeaaa54d840a808e

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .gdata.de .gdata.ch .gdata.fr .gdata.at .gdata.nl .gdata.it .gdata.be .gdata.es .gdata.pt .gdatasoftware.co.uk .gdatasoftware.com .gdata-software.com .gdata-advancedanalytics.de .gdata-advancedanalytics.com .gdata.co.jp .gdata-china.com .gdata-hongkong.com .inventorofantivirus.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.gdatasoftware.com/blog/2020/11/36459-babax-stealer-rebrands-to-osno-installs-rootkit
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Thu, 05 Nov 2020 17:42:38 GMT
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 551744
X-Xss-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Thu, 05 Nov 2020 14:02:00 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN
Etag: "5fa405d8-86b40"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/png
Cache-Control: max-age=3628800
Content-Security-Policy: frame-ancestors 'self' *.gdata.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata-advancedanalytics.com *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com;
Accept-Ranges: bytes
Expires: Thu, 17 Dec 2020 17:42:38 GMT

GET
H/1.1 200
OK r77_installationcode.png
www.gdatasoftware.com/fileadmin/user_upload/Presse/Deutschland/2020/11/ 43 KB
44 KB 79ms
26ms Image
image/png 212.23.151.164
TMR

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gdatasoftware.com/fileadmin/user_upload/Presse/Deutschland/2020/11/r77_installationcode.png

Requested by

Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/blog/2020/11/36459-babax-stealer-rebrands-to-osno-installs-rootkit

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

212.23.151.164 Bochum, Germany, ASN12329 (TMR, DE),

Reverse DNS

Software

nginx /

Resource Hash

c7d95622998bcad0e3e66d1166afac250972de6701f6ef3ce0e538ff3af69c1d

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .gdata.de .gdata.ch .gdata.fr .gdata.at .gdata.nl .gdata.it .gdata.be .gdata.es .gdata.pt .gdatasoftware.co.uk .gdatasoftware.com .gdata-software.com .gdata-advancedanalytics.de .gdata-advancedanalytics.com .gdata.co.jp .gdata-china.com .gdata-hongkong.com .inventorofantivirus.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.gdatasoftware.com/blog/2020/11/36459-babax-stealer-rebrands-to-osno-installs-rootkit
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Thu, 05 Nov 2020 17:42:38 GMT
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 44307
X-Xss-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Thu, 05 Nov 2020 14:01:19 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN
Etag: "5fa405af-ad13"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/png
Cache-Control: max-age=3628800
Content-Security-Policy: frame-ancestors 'self' *.gdata.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata-advancedanalytics.com *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com;
Accept-Ranges: bytes
Expires: Thu, 17 Dec 2020 17:42:38 GMT

GET
H/1.1 200
OK r77.gif
www.gdatasoftware.com/fileadmin/user_upload/Presse/Deutschland/2020/11/ 144 KB
145 KB 87ms
26ms Image
image/gif 212.23.151.164
TMR

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gdatasoftware.com/fileadmin/user_upload/Presse/Deutschland/2020/11/r77.gif

Requested by

Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/blog/2020/11/36459-babax-stealer-rebrands-to-osno-installs-rootkit

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

212.23.151.164 Bochum, Germany, ASN12329 (TMR, DE),

Reverse DNS

Software

nginx /

Resource Hash

f0d7235d98912d59a66a0f59f7ecfc05c1df303ab42fa21ba07eb3a5f4af6172

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .gdata.de .gdata.ch .gdata.fr .gdata.at .gdata.nl .gdata.it .gdata.be .gdata.es .gdata.pt .gdatasoftware.co.uk .gdatasoftware.com .gdata-software.com .gdata-advancedanalytics.de .gdata-advancedanalytics.com .gdata.co.jp .gdata-china.com .gdata-hongkong.com .inventorofantivirus.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.gdatasoftware.com/blog/2020/11/36459-babax-stealer-rebrands-to-osno-installs-rootkit
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Thu, 05 Nov 2020 17:42:38 GMT
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 147788
X-Xss-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Thu, 05 Nov 2020 14:01:16 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN
Etag: "5fa405ac-2414c"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/gif
Cache-Control: max-age=3628800
Content-Security-Policy: frame-ancestors 'self' *.gdata.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata-advancedanalytics.com *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com;
Accept-Ranges: bytes
Expires: Thu, 17 Dec 2020 17:42:38 GMT

GET
H/1.1 200
OK osno_ransom.png
www.gdatasoftware.com/fileadmin/user_upload/Presse/Deutschland/2020/11/ 25 KB
26 KB 56ms
28ms Image
image/png 212.23.151.164
TMR

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gdatasoftware.com/fileadmin/user_upload/Presse/Deutschland/2020/11/osno_ransom.png

Requested by

Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/blog/2020/11/36459-babax-stealer-rebrands-to-osno-installs-rootkit

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

212.23.151.164 Bochum, Germany, ASN12329 (TMR, DE),

Reverse DNS

Software

nginx /

Resource Hash

a7c09e7324dc156cc02b82fc482fc15cb3417c9396a535265789731e455dbb5c

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .gdata.de .gdata.ch .gdata.fr .gdata.at .gdata.nl .gdata.it .gdata.be .gdata.es .gdata.pt .gdatasoftware.co.uk .gdatasoftware.com .gdata-software.com .gdata-advancedanalytics.de .gdata-advancedanalytics.com .gdata.co.jp .gdata-china.com .gdata-hongkong.com .inventorofantivirus.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.gdatasoftware.com/blog/2020/11/36459-babax-stealer-rebrands-to-osno-installs-rootkit
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Thu, 05 Nov 2020 17:42:38 GMT
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 25684
X-Xss-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Thu, 05 Nov 2020 14:01:19 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN
Etag: "5fa405af-6454"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/png
Cache-Control: max-age=3628800
Content-Security-Policy: frame-ancestors 'self' *.gdata.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata-advancedanalytics.com *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com;
Accept-Ranges: bytes
Expires: Thu, 17 Dec 2020 17:42:38 GMT

GET
H/1.1 200
OK hahn_karsten_7c2341c8d2.jpg
www.gdatasoftware.com/fileadmin/_processed_/0/d/ 4 KB
5 KB 83ms
34ms Image
image/jpeg 212.23.151.164
TMR

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gdatasoftware.com/fileadmin/_processed_/0/d/hahn_karsten_7c2341c8d2.jpg

Requested by

Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/blog/2020/11/36459-babax-stealer-rebrands-to-osno-installs-rootkit

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

212.23.151.164 Bochum, Germany, ASN12329 (TMR, DE),

Reverse DNS

Software

nginx /

Resource Hash

ed6adae660bb866303826f11fbd012548ad51f7373d4060ebb3d695b9e5df2db

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .gdata.de .gdata.ch .gdata.fr .gdata.at .gdata.nl .gdata.it .gdata.be .gdata.es .gdata.pt .gdatasoftware.co.uk .gdatasoftware.com .gdata-software.com .gdata-advancedanalytics.de .gdata-advancedanalytics.com .gdata.co.jp .gdata-china.com .gdata-hongkong.com .inventorofantivirus.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.gdatasoftware.com/blog/2020/11/36459-babax-stealer-rebrands-to-osno-installs-rootkit
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Thu, 05 Nov 2020 17:42:38 GMT
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 3981
X-Xss-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Fri, 19 Jun 2020 09:30:32 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN
Etag: "5eec85b8-f8d"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/jpeg
Cache-Control: max-age=3628800
Content-Security-Policy: frame-ancestors 'self' *.gdata.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata-advancedanalytics.com *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com;
Accept-Ranges: bytes
Expires: Thu, 17 Dec 2020 17:42:38 GMT

GET
H/1.1 200
OK logo_claim_2016_white.png
www.gdatasoftware.com/typo3conf/ext/gd_sites/Resources/Public/Images/ 4 KB
5 KB 117ms
61ms Image
image/png 212.23.151.164
TMR

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gdatasoftware.com/typo3conf/ext/gd_sites/Resources/Public/Images/logo_claim_2016_white.png

Requested by

Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/blog/2020/11/36459-babax-stealer-rebrands-to-osno-installs-rootkit

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

212.23.151.164 Bochum, Germany, ASN12329 (TMR, DE),

Reverse DNS

Software

nginx /

Resource Hash

7c657d342491cefb26c956267727635a22e3e85fb12dd8f525e811ec000e658f

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .gdata.de .gdata.ch .gdata.fr .gdata.at .gdata.nl .gdata.it .gdata.be .gdata.es .gdata.pt .gdatasoftware.co.uk .gdatasoftware.com .gdata-software.com .gdata-advancedanalytics.de .gdata-advancedanalytics.com .gdata.co.jp .gdata-china.com .gdata-hongkong.com .inventorofantivirus.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.gdatasoftware.com/blog/2020/11/36459-babax-stealer-rebrands-to-osno-installs-rootkit
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Thu, 05 Nov 2020 17:42:38 GMT
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 3871
X-Xss-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Fri, 23 Oct 2020 13:54:00 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN
Etag: "5f92e078-f1f"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/png
Cache-Control: max-age=3628800
Content-Security-Policy: frame-ancestors 'self' *.gdata.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata-advancedanalytics.com *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com;
Accept-Ranges: bytes
Expires: Thu, 17 Dec 2020 17:42:38 GMT

GET
H/1.1 200
OK vhs-assets-72fbd3c3fac64cddf69a69a19bc35c07.js Show response
www.gdatasoftware.com/typo3temp/assets/ 260 KB
80 KB 49ms
48ms Script
application/javascript 212.23.151.164
TMR

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gdatasoftware.com/typo3temp/assets/vhs-assets-72fbd3c3fac64cddf69a69a19bc35c07.js?1604509616

Requested by

Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/blog/2020/11/36459-babax-stealer-rebrands-to-osno-installs-rootkit

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

212.23.151.164 Bochum, Germany, ASN12329 (TMR, DE),

Reverse DNS

Software

nginx /

Resource Hash

6b5dd5b2e4bc34adcd4a2c15384f6d7a1fa7c3bc9c83848e11f63aab8a6775fd

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .gdata.de .gdata.ch .gdata.fr .gdata.at .gdata.nl .gdata.it .gdata.be .gdata.es .gdata.pt .gdatasoftware.co.uk .gdatasoftware.com .gdata-software.com .gdata-advancedanalytics.de .gdata-advancedanalytics.com .gdata.co.jp .gdata-china.com .gdata-hongkong.com .inventorofantivirus.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.gdatasoftware.com/blog/2020/11/36459-babax-stealer-rebrands-to-osno-installs-rootkit
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Thu, 05 Nov 2020 17:42:37 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Transfer-Encoding: chunked
Connection: keep-alive
X-Xss-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Wed, 04 Nov 2020 17:06:56 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN
Etag: W/"5fa2dfb0-41024"
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: application/javascript
Cache-Control: max-age=43200
Content-Security-Policy: frame-ancestors 'self' *.gdata.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata-advancedanalytics.com *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com;
Expires: Fri, 06 Nov 2020 05:42:37 GMT

GET
H/1.1 200
OK G_DATA_Blog_RebrandBabax_Header.jpg
www.gdatasoftware.com/fileadmin/web/general/images/blog/2020/11_2020/ 481 KB
482 KB 48ms
25ms Image
image/jpeg 212.23.151.164
TMR

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gdatasoftware.com/fileadmin/web/general/images/blog/2020/11_2020/G_DATA_Blog_RebrandBabax_Header.jpg

Requested by

Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/blog/2020/11/36459-babax-stealer-rebrands-to-osno-installs-rootkit

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

212.23.151.164 Bochum, Germany, ASN12329 (TMR, DE),

Reverse DNS

Software

nginx /

Resource Hash

014684be81085820addbcbbee61e251c1bf470e18c566dc43e8e44c2da030997

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .gdata.de .gdata.ch .gdata.fr .gdata.at .gdata.nl .gdata.it .gdata.be .gdata.es .gdata.pt .gdatasoftware.co.uk .gdatasoftware.com .gdata-software.com .gdata-advancedanalytics.de .gdata-advancedanalytics.com .gdata.co.jp .gdata-china.com .gdata-hongkong.com .inventorofantivirus.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.gdatasoftware.com/blog/2020/11/36459-babax-stealer-rebrands-to-osno-installs-rootkit
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Thu, 05 Nov 2020 17:42:38 GMT
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 492360
X-Xss-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Thu, 05 Nov 2020 14:01:22 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN
Etag: "5fa405b2-78348"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/jpeg
Cache-Control: max-age=3628800
Content-Security-Policy: frame-ancestors 'self' *.gdata.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata-advancedanalytics.com *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com;
Accept-Ranges: bytes
Expires: Thu, 17 Dec 2020 17:42:38 GMT

GET
H/1.1 200
OK source-sans-pro-v13-latin-ext_latin-regular.woff2
file.gdatasoftware.com/s/font/source-sans-pro/ 25 KB
25 KB 68ms
18ms Font
application/octet-stream 85.25.214.189
GD-EMEA-DC-SXB1

General

Check archive.org

Show headers Download Go to

Full URL: https://file.gdatasoftware.com/s/font/source-sans-pro/source-sans-pro-v13-latin-ext_latin-regular.woff2
Requested by: Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/typo3temp/assets/vhs-assets-5b9de08ed4381d6d419362e5ce725858.css?1604492801
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 85.25.214.189 , Germany, ASN8972 (GD-EMEA-DC-SXB1, DE),
Reverse DNS
Software: nginx /
Resource Hash: 72e086ecb5eed26e489b633ce3a7a85522747d8583852bf8756e290fec0f3d3b

Request headers

Origin: https://www.gdatasoftware.com
Referer: https://www.gdatasoftware.com/typo3temp/assets/vhs-assets-5b9de08ed4381d6d419362e5ce725858.css?1604492801
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Thu, 05 Nov 2020 17:42:38 GMT
Last-Modified: Fri, 02 Aug 2019 05:16:52 GMT
Server: nginx
ETag: "5d43c744-6438"
Content-Type: application/octet-stream
Access-Control-Allow-Origin: *
Cache-Control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 25656
Expires: Thu, 12 Nov 2020 17:42:38 GMT

GET
H/1.1 200
OK gcon1-988.woff2
www.gdatasoftware.com/typo3conf/ext/gd_sites/Resources/Public/Styles/font/ 48 KB
48 KB 49ms
30ms Font
application/octet-stream 212.23.151.164
TMR

General

Check archive.org

Show headers Download Go to

Full URL: https://www.gdatasoftware.com/typo3conf/ext/gd_sites/Resources/Public/Styles/font/gcon1-988.woff2?waerhgm
Requested by: Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/typo3temp/assets/vhs-assets-5b9de08ed4381d6d419362e5ce725858.css?1604492801
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 212.23.151.164 Bochum, Germany, ASN12329 (TMR, DE),
Reverse DNS
Software: nginx /
Resource Hash: ab12a263ae21799ecbd4a660abbbff3747f762433026fb4997df8bd8cebf941f

Request headers

Origin: https://www.gdatasoftware.com
Referer: https://www.gdatasoftware.com/typo3temp/assets/vhs-assets-5b9de08ed4381d6d419362e5ce725858.css?1604492801
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Thu, 05 Nov 2020 17:42:38 GMT
Last-Modified: Fri, 23 Oct 2020 13:54:00 GMT
Server: nginx
Etag: "5f92e078-c0b0"
Content-Type: application/octet-stream
Access-Control-Allow-Origin: https://www.gdatasoftware.com
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 49328

GET
H/1.1 200
OK source-sans-pro-v13-latin-ext_latin-300.woff2
file.gdatasoftware.com/s/font/source-sans-pro/ 25 KB
25 KB 76ms
24ms Font
application/octet-stream 85.25.214.189
GD-EMEA-DC-SXB1

General

Check archive.org

Show headers Download Go to

Full URL: https://file.gdatasoftware.com/s/font/source-sans-pro/source-sans-pro-v13-latin-ext_latin-300.woff2
Requested by: Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/typo3temp/assets/vhs-assets-5b9de08ed4381d6d419362e5ce725858.css?1604492801
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 85.25.214.189 , Germany, ASN8972 (GD-EMEA-DC-SXB1, DE),
Reverse DNS
Software: nginx /
Resource Hash: 9d20a8fc1de189bad815a78bd3a36550412788bc1d8e6f2d7eba6bb18bc901a2

Request headers

Origin: https://www.gdatasoftware.com
Referer: https://www.gdatasoftware.com/typo3temp/assets/vhs-assets-5b9de08ed4381d6d419362e5ce725858.css?1604492801
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Thu, 05 Nov 2020 17:42:38 GMT
Last-Modified: Fri, 02 Aug 2019 05:16:52 GMT
Server: nginx
ETag: "5d43c744-6474"
Content-Type: application/octet-stream
Access-Control-Allow-Origin: *
Cache-Control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 25716
Expires: Thu, 12 Nov 2020 17:42:38 GMT

GET
H/1.1 200
OK source-sans-pro-v13-latin-ext_latin-600.woff2
file.gdatasoftware.com/s/font/source-sans-pro/ 25 KB
25 KB 79ms
27ms Font
application/octet-stream 85.25.214.189
GD-EMEA-DC-SXB1

General

Check archive.org

Show headers Download Go to

Full URL: https://file.gdatasoftware.com/s/font/source-sans-pro/source-sans-pro-v13-latin-ext_latin-600.woff2
Requested by: Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/typo3temp/assets/vhs-assets-5b9de08ed4381d6d419362e5ce725858.css?1604492801
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 85.25.214.189 , Germany, ASN8972 (GD-EMEA-DC-SXB1, DE),
Reverse DNS
Software: nginx /
Resource Hash: 5b7ade4116e14b315421eb6e4eeabbf1a1c7301a575ee1311fb1659eaaecd6f4

Request headers

Origin: https://www.gdatasoftware.com
Referer: https://www.gdatasoftware.com/typo3temp/assets/vhs-assets-5b9de08ed4381d6d419362e5ce725858.css?1604492801
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Thu, 05 Nov 2020 17:42:38 GMT
Last-Modified: Fri, 02 Aug 2019 05:16:52 GMT
Server: nginx
ETag: "5d43c744-63b0"
Content-Type: application/octet-stream
Access-Control-Allow-Origin: *
Cache-Control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 25520
Expires: Thu, 12 Nov 2020 17:42:38 GMT

Verdicts & Comments Add Verdict or Comment

29 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	frame-ancestors 'self' .gdata.de .gdata.ch .gdata.fr .gdata.at .gdata.nl .gdata.it .gdata.be .gdata.es .gdata.pt .gdatasoftware.co.uk .gdatasoftware.com .gdata-software.com .gdata-advancedanalytics.de .gdata-advancedanalytics.com .gdata.co.jp .gdata-china.com .gdata-hongkong.com .inventorofantivirus.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

file.gdatasoftware.com
www.gdatasoftware.com
212.23.151.164
85.25.214.189
014684be81085820addbcbbee61e251c1bf470e18c566dc43e8e44c2da030997
0c0d12955e7c7be4502937afa995b065989d9ef9e0b3166a59995ea572c4bf93
19d66a51d12c87c2c254f61d3dc66f4765bc852b03138e4b38ed5fbc3dd01d19
211965735fd707f91c38ac8508801e7fd74a7b54662282fdf6b76aedcebeed40
5b7ade4116e14b315421eb6e4eeabbf1a1c7301a575ee1311fb1659eaaecd6f4
6947f324559487c302f64de73640dca76f34ef2210f4069254af756dbc3605a1
6b5dd5b2e4bc34adcd4a2c15384f6d7a1fa7c3bc9c83848e11f63aab8a6775fd
72e086ecb5eed26e489b633ce3a7a85522747d8583852bf8756e290fec0f3d3b
7c657d342491cefb26c956267727635a22e3e85fb12dd8f525e811ec000e658f
9d20a8fc1de189bad815a78bd3a36550412788bc1d8e6f2d7eba6bb18bc901a2
9f2b51127480efe96c95b26ac1666e4c93cfc2e7c15ca42700413f10ad232959
9fa6010d0cbc460c5fe9fb3b99adfde3f1b6b8418474dad9aad6afd0ad1c0085
a7c09e7324dc156cc02b82fc482fc15cb3417c9396a535265789731e455dbb5c
ab12a263ae21799ecbd4a660abbbff3747f762433026fb4997df8bd8cebf941f
ba2e195c3f2698789b4695762e78ec6e6d67b42fb6b1d370aeaaa54d840a808e
c7d95622998bcad0e3e66d1166afac250972de6701f6ef3ce0e538ff3af69c1d
d8943a697b9c2a188d99c20145b16849ec3e2feac56c4771980cc92bcca72d85
ed6adae660bb866303826f11fbd012548ad51f7373d4060ebb3d695b9e5df2db
f0d7235d98912d59a66a0f59f7ecfc05c1df303ab42fa21ba07eb3a5f4af6172

www.gdatasoftware.com Open in urlscan Pro 212.23.151.164 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

19 Requests

100 %HTTPS

0 %IPv6

1 Domains

2 Subdomains

2 IPs

1 Countries

2084 kBTransfer

2491 kBSize

0 Cookies

17 Outgoing links

Redirected requests

19 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

29 JavaScript Global Variables

0 Cookies

Security Headers

Indicators

www.gdatasoftware.com Open in urlscan Pro
212.23.151.164 Public Scan

Screenshot
Live screenshot

Full Image

19
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

2
Subdomains

2
IPs

1
Countries

2084 kB
Transfer

2491 kB
Size

0
Cookies

19 HTTP transactions
0 data transactions