www.gdatasoftware.com Open in urlscan Pro
212.23.151.164 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.gdatasoftware.com/blog/2024/06/37947-badspace-backdoor
Submission: On June 12 via api (June 12th 2024, 4:24:05 pm UTC) from US — Scanned from DE

Summary HTTP 25 Redirects Links 24 Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 25 HTTP transactions. The main IP is 212.23.151.164, located in Bochum, Germany and belongs to TMR, DE. The main domain is www.gdatasoftware.com.
TLS certificate: Issued by Sectigo RSA Organization Validation S... on July 23rd 2023. Valid for: a year.

This is the only time www.gdatasoftware.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address		AS Autonomous System
25	212.23.151.164 212.23.151.164		12329 (TMR) (TMR)
25	1

25 212.23.151.164 (Bochum, Germany)

ASN12329 (TMR, DE)

www.gdatasoftware.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
25	gdatasoftware.com www.gdatasoftware.com	1 MB
25	1

	Domain	Requested by
25	www.gdatasoftware.com	www.gdatasoftware.com
25	1

This site contains links to these domains. Also see Links.

Domain
www.gdata.de
feeds.feedblitz.com
x.com
community.emergingthreats.net
www.proofpoint.com
obfuscator.io
dean.edwards.name
github.com
gist.github.com
twitter.com
www.xing.com
www.linkedin.com
www.facebook.com
reddit.com
de.linkedin.com
www.instagram.com
www.youtube.com

Subject Issuer	Validity	Valid
*.gdatasoftware.com Sectigo RSA Organization Validation Secure Server CA	`2023-07-23` - `2024-08-22`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://www.gdatasoftware.com/blog/2024/06/37947-badspace-backdoor
Frame ID: 1B6B5CCA6BB15BBD2B60FFE1D95D9877
Requests: 25 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Newly discovered: BadSpace backdoor delivered by high-ranking websites

Detected technologies

TYPO3 CMS (CMS) Expand

Overall confidence: 100%
Detected patterns

<link[^>]+ href="/?typo3(?:conf|temp)/

Page Statistics

25
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

1459 kB
Transfer

1888 kB
Size

1
Cookies

24 Outgoing links

These are links going to different origins than the main page.

URL: https://www.gdata.de/blog

Search URL Search Domain Scan URL

URL: https://feeds.feedblitz.com/GDataSecurityBlog-EN&x=1

Search URL Search Domain Scan URL

URL: https://x.com/Gi7w0rm
Title: Gi7w0rm

Search URL Search Domain Scan URL

URL: https://x.com/Gi7w0rm/status/1791970049772687797
Title: backdoor “BadSpace”

Search URL Search Domain Scan URL

URL: https://community.emergingthreats.net/t/sigs-w32-badspace-backdoor/1630
Title: @kevross33

Search URL Search Domain Scan URL

URL: https://x.com/GroupIB_TI/status/1790230873285242992
Title: mentioned

Search URL Search Domain Scan URL

URL: https://www.proofpoint.com/us/blog/threat-insight/part-1-socgholish-very-real-threat-very-fake-update
Title: a report

Search URL Search Domain Scan URL

URL: https://obfuscator.io/
Title: obfuscator.io

Search URL Search Domain Scan URL

URL: http://dean.edwards.name/packer/
Title: JavaScript Compressor by Dean Edwards

Search URL Search Domain Scan URL

URL: https://github.com/struppigel/hedgehog-tools/blob/main/BadSpace/badspace_idapython_string_decrypter.py
Title: IDA Python script

Search URL Search Domain Scan URL

URL: https://gist.github.com/OALabs/04ef6b2d6203d162c5b3b0eefd49530c
Title: OALabs

Search URL Search Domain Scan URL

URL: https://x.com/X__Junior
Title: Mohamed Ashraf

Search URL Search Domain Scan URL

URL: https://github.com/X-Junior/Malware-String-Decryptor-Scripts/blob/main/Badspace/badspace.py
Title: Python script

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?text=Newly%20discovered%3A%20BadSpace%20backdoor%20delivered%20by%20high-ranking%20websites&url=https%3A%2F%2Fwww.gdatasoftware.com%2Fblog%2F2024%2F06%2F37947-badspace-backdoor&via=GDATA

Search URL Search Domain Scan URL

URL: https://www.xing.com/spi/shares/new?url=https%3A%2F%2Fwww.gdatasoftware.com%2Fblog%2F2024%2F06%2F37947-badspace-backdoor

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/shareArticle?mini=true&summary=Threat%20actors%20deliver%20fake%20software%20updates%20on%20websites%20for%20popular%20browsers%3A%20Sites%20with%20a%20high%20search%20engine%20ranking%20are%20at%20an%20increased%20risk.%20&title=Newly%20discovered%3A%20BadSpace%20backdoor%20delivered%20by%20high-ranking%20websites&url=https%3A%2F%2Fwww.gdatasoftware.com%2Fblog%2F2024%2F06%2F37947-badspace-backdoor

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww.gdatasoftware.com%2Fblog%2F2024%2F06%2F37947-badspace-backdoor

Search URL Search Domain Scan URL

URL: https://reddit.com/submit?url=https%3A%2F%2Fwww.gdatasoftware.com%2Fblog%2F2024%2F06%2F37947-badspace-backdoor&title=Newly%20discovered%3A%20BadSpace%20backdoor%20delivered%20by%20high-ranking%20websites

Search URL Search Domain Scan URL

URL: https://de.linkedin.com/company/g-data-cyberdefense

Search URL Search Domain Scan URL

URL: https://www.facebook.com/gdatasoftwareag

Search URL Search Domain Scan URL

URL: https://twitter.com/GDATA

Search URL Search Domain Scan URL

URL: https://www.instagram.com/gdatacyberdefense

Search URL Search Domain Scan URL

URL: https://www.youtube.com/user/GDataSoftwareAG

Search URL Search Domain Scan URL

URL: https://www.gdata.de/help/en/business/HowToArtikel/Virenanalyse/DateiURLAppEinsenden/
Title: Submit a suspicious file, app or URL

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

25 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request 37947-badspace-backdoor Show response
www.gdatasoftware.com/blog/2024/06/ 46 KB
14 KB 168ms
66ms Document
text/html 212.23.151.164
TMR

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gdatasoftware.com/blog/2024/06/37947-badspace-backdoor

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

212.23.151.164 Bochum, Germany, ASN12329 (TMR, DE),

Reverse DNS

Software

nginx /

Resource Hash

98800a414bedcaeebe2282f1727926bc683f1c0e6baccf3509bf47c7e92cacdb

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .gdata.de .gdata.ch .gdata.fr .gdata.at .gdata.nl .gdata.it .gdata.be .gdata.es .gdata.pt .gdatasoftware.co.uk .gdatasoftware.com .gdata-software.com .gdata-advancedanalytics.de .gdata-advancedanalytics.com .gdata.co.jp .gdata-china.com .gdata-hongkong.com .inventorofantivirus.com; frame-src 'self' gdata.jobbase.io player.captivate.fm gdata.onlyfy.jobs .gdata.de .consentmanager.net www.paypal.com .criteo.com .criteo.net .onfastspring.com .saferpay.com www.youtube-nocookie.com www.google.com www.google.de .gdata.ch .gdata.fr .gdata.at .gdata.nl .gdata.it .gdata.be .gdata.es .gdata.pt .gdatasoftware.co.uk .gdatasoftware.com .gdata-software.com .gdata-advancedanalytics.de .gdata.co.jp .gdata-china.com .gdata-hongkong.com .inventorofantivirus.com www.awin1.com *.doubleclick.net bid.g.doubleclick.net tpc.googlesyndication.com fbanalytics.org m.youtube.com player.vimeo.com gdata.jobbase.io gdata-a.akamaihd.net; report-uri https://www.gdatasoftware.com/__cspreporting__
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

cache-control: max-age: 43200
content-encoding: gzip
content-language: en
content-security-policy: frame-ancestors 'self' *.gdata.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata-advancedanalytics.com *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com; frame-src 'self' gdata.jobbase.io player.captivate.fm gdata.onlyfy.jobs *.gdata.de *.consentmanager.net www.paypal.com *.criteo.com *.criteo.net *.onfastspring.com *.saferpay.com www.youtube-nocookie.com www.google.com www.google.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com www.awin1.com *.doubleclick.net bid.g.doubleclick.net tpc.googlesyndication.com fbanalytics.org m.youtube.com player.vimeo.com gdata.jobbase.io gdata-a.akamaihd.net; report-uri https://www.gdatasoftware.com/__cspreporting__
content-type: text/html; charset=utf-8
date: Wed, 12 Jun 2024 16:24:01 GMT
etag: W/"fd43ebafcfb5f934ed36fde0e9d51f91"
expires: Tue, 25 Jun 2024 22:00:00 GMT
gd_country_code: DE
pragma: public
referrer-policy: no-referrer-when-downgrade
server: nginx
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0

GET
H2 200 basic-styles.css
www.gdatasoftware.com/typo3conf/ext/gd_sites/Resources/Public/Styles/ 133 KB
26 KB 59ms
58ms Stylesheet
text/css 212.23.151.164
TMR

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gdatasoftware.com/typo3conf/ext/gd_sites/Resources/Public/Styles/basic-styles.css?1718018172

Requested by

Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/blog/2024/06/37947-badspace-backdoor

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

212.23.151.164 Bochum, Germany, ASN12329 (TMR, DE),

Reverse DNS

Software

nginx /

Resource Hash

bf96a74313c3853b9962a8674df3c13ff3583ffa6d9d937cff04f09551f5262d

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .gdata.de .gdata.ch .gdata.fr .gdata.at .gdata.nl .gdata.it .gdata.be .gdata.es .gdata.pt .gdatasoftware.co.uk .gdatasoftware.com .gdata-software.com .gdata-advancedanalytics.de .gdata-advancedanalytics.com .gdata.co.jp .gdata-china.com .gdata-hongkong.com .inventorofantivirus.com; frame-src 'self' gdata.jobbase.io player.captivate.fm gdata.onlyfy.jobs .gdata.de .consentmanager.net www.paypal.com .criteo.com .criteo.net .onfastspring.com .saferpay.com www.youtube-nocookie.com www.google.com www.google.de .gdata.ch .gdata.fr .gdata.at .gdata.nl .gdata.it .gdata.be .gdata.es .gdata.pt .gdatasoftware.co.uk .gdatasoftware.com .gdata-software.com .gdata-advancedanalytics.de .gdata.co.jp .gdata-china.com .gdata-hongkong.com .inventorofantivirus.com www.awin1.com *.doubleclick.net bid.g.doubleclick.net tpc.googlesyndication.com fbanalytics.org m.youtube.com player.vimeo.com gdata.jobbase.io gdata-a.akamaihd.net; report-uri https://www.gdatasoftware.com/__cspreporting__
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.gdatasoftware.com/blog/2024/06/37947-badspace-backdoor
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 12 Jun 2024 16:24:01 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self' *.gdata.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata-advancedanalytics.com *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com; frame-src 'self' gdata.jobbase.io player.captivate.fm gdata.onlyfy.jobs *.gdata.de *.consentmanager.net www.paypal.com *.criteo.com *.criteo.net *.onfastspring.com *.saferpay.com www.youtube-nocookie.com www.google.com www.google.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com www.awin1.com *.doubleclick.net bid.g.doubleclick.net tpc.googlesyndication.com fbanalytics.org m.youtube.com player.vimeo.com gdata.jobbase.io gdata-a.akamaihd.net; report-uri https://www.gdatasoftware.com/__cspreporting__
last-modified: Mon, 10 Jun 2024 11:16:12 GMT
server: nginx
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
etag: W/"6666e07c-215c1"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
cache-control: max-age=43200
x-xss-protection: 0
expires: Thu, 13 Jun 2024 04:24:01 GMT

GET
H2 200 gcon.css
www.gdatasoftware.com/typo3conf/ext/gd_sites/Resources/Public/Styles/font/ 14 KB
4 KB 37ms
36ms Stylesheet
text/css 212.23.151.164
TMR

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gdatasoftware.com/typo3conf/ext/gd_sites/Resources/Public/Styles/font/gcon.css?1718018172

Requested by

Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/blog/2024/06/37947-badspace-backdoor

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

212.23.151.164 Bochum, Germany, ASN12329 (TMR, DE),

Reverse DNS

Software

nginx /

Resource Hash

de29fa42fdcdbc32e060d8e033322b3d0151f70e82dd08e8c9c9996e6c343dcb

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .gdata.de .gdata.ch .gdata.fr .gdata.at .gdata.nl .gdata.it .gdata.be .gdata.es .gdata.pt .gdatasoftware.co.uk .gdatasoftware.com .gdata-software.com .gdata-advancedanalytics.de .gdata-advancedanalytics.com .gdata.co.jp .gdata-china.com .gdata-hongkong.com .inventorofantivirus.com; frame-src 'self' gdata.jobbase.io player.captivate.fm gdata.onlyfy.jobs .gdata.de .consentmanager.net www.paypal.com .criteo.com .criteo.net .onfastspring.com .saferpay.com www.youtube-nocookie.com www.google.com www.google.de .gdata.ch .gdata.fr .gdata.at .gdata.nl .gdata.it .gdata.be .gdata.es .gdata.pt .gdatasoftware.co.uk .gdatasoftware.com .gdata-software.com .gdata-advancedanalytics.de .gdata.co.jp .gdata-china.com .gdata-hongkong.com .inventorofantivirus.com www.awin1.com *.doubleclick.net bid.g.doubleclick.net tpc.googlesyndication.com fbanalytics.org m.youtube.com player.vimeo.com gdata.jobbase.io gdata-a.akamaihd.net; report-uri https://www.gdatasoftware.com/__cspreporting__
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.gdatasoftware.com/blog/2024/06/37947-badspace-backdoor
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 12 Jun 2024 16:24:01 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self' *.gdata.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata-advancedanalytics.com *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com; frame-src 'self' gdata.jobbase.io player.captivate.fm gdata.onlyfy.jobs *.gdata.de *.consentmanager.net www.paypal.com *.criteo.com *.criteo.net *.onfastspring.com *.saferpay.com www.youtube-nocookie.com www.google.com www.google.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com www.awin1.com *.doubleclick.net bid.g.doubleclick.net tpc.googlesyndication.com fbanalytics.org m.youtube.com player.vimeo.com gdata.jobbase.io gdata-a.akamaihd.net; report-uri https://www.gdatasoftware.com/__cspreporting__
last-modified: Mon, 10 Jun 2024 11:16:12 GMT
server: nginx
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
etag: W/"6666e07c-3806"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
cache-control: max-age=43200
x-xss-protection: 0
expires: Thu, 13 Jun 2024 04:24:01 GMT

GET
H2 200 source-sans-pro.css
www.gdatasoftware.com/typo3conf/ext/gd_sites/Resources/Public/Styles/font/ 1 KB
1 KB 35ms
34ms Stylesheet
text/css 212.23.151.164
TMR

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gdatasoftware.com/typo3conf/ext/gd_sites/Resources/Public/Styles/font/source-sans-pro.css?1718018172

Requested by

Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/blog/2024/06/37947-badspace-backdoor

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

212.23.151.164 Bochum, Germany, ASN12329 (TMR, DE),

Reverse DNS

Software

nginx /

Resource Hash

12bbeb4a5c75cfa4f290f8da4a9282a835f6704b94917c5bc05d4430aa9b31dd

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .gdata.de .gdata.ch .gdata.fr .gdata.at .gdata.nl .gdata.it .gdata.be .gdata.es .gdata.pt .gdatasoftware.co.uk .gdatasoftware.com .gdata-software.com .gdata-advancedanalytics.de .gdata-advancedanalytics.com .gdata.co.jp .gdata-china.com .gdata-hongkong.com .inventorofantivirus.com; frame-src 'self' gdata.jobbase.io player.captivate.fm gdata.onlyfy.jobs .gdata.de .consentmanager.net www.paypal.com .criteo.com .criteo.net .onfastspring.com .saferpay.com www.youtube-nocookie.com www.google.com www.google.de .gdata.ch .gdata.fr .gdata.at .gdata.nl .gdata.it .gdata.be .gdata.es .gdata.pt .gdatasoftware.co.uk .gdatasoftware.com .gdata-software.com .gdata-advancedanalytics.de .gdata.co.jp .gdata-china.com .gdata-hongkong.com .inventorofantivirus.com www.awin1.com *.doubleclick.net bid.g.doubleclick.net tpc.googlesyndication.com fbanalytics.org m.youtube.com player.vimeo.com gdata.jobbase.io gdata-a.akamaihd.net; report-uri https://www.gdatasoftware.com/__cspreporting__
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.gdatasoftware.com/blog/2024/06/37947-badspace-backdoor
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 12 Jun 2024 16:24:01 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self' *.gdata.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata-advancedanalytics.com *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com; frame-src 'self' gdata.jobbase.io player.captivate.fm gdata.onlyfy.jobs *.gdata.de *.consentmanager.net www.paypal.com *.criteo.com *.criteo.net *.onfastspring.com *.saferpay.com www.youtube-nocookie.com www.google.com www.google.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com www.awin1.com *.doubleclick.net bid.g.doubleclick.net tpc.googlesyndication.com fbanalytics.org m.youtube.com player.vimeo.com gdata.jobbase.io gdata-a.akamaihd.net; report-uri https://www.gdatasoftware.com/__cspreporting__
last-modified: Mon, 10 Jun 2024 11:16:12 GMT
server: nginx
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
etag: W/"6666e07c-51f"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
cache-control: max-age=43200
x-xss-protection: 0
expires: Thu, 13 Jun 2024 04:24:01 GMT

GET
H2 200 prism.css
www.gdatasoftware.com/typo3conf/ext/gd_sites/Resources/Public/Styles/assets/ 4 KB
2 KB 38ms
37ms Stylesheet
text/css 212.23.151.164
TMR

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gdatasoftware.com/typo3conf/ext/gd_sites/Resources/Public/Styles/assets/prism.css?1718018172

Requested by

Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/blog/2024/06/37947-badspace-backdoor

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

212.23.151.164 Bochum, Germany, ASN12329 (TMR, DE),

Reverse DNS

Software

nginx /

Resource Hash

77f9291def17b8ae239f0f5181ad69a3923dbcc7835ba7aaa4cb1d1cb2142211

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .gdata.de .gdata.ch .gdata.fr .gdata.at .gdata.nl .gdata.it .gdata.be .gdata.es .gdata.pt .gdatasoftware.co.uk .gdatasoftware.com .gdata-software.com .gdata-advancedanalytics.de .gdata-advancedanalytics.com .gdata.co.jp .gdata-china.com .gdata-hongkong.com .inventorofantivirus.com; frame-src 'self' gdata.jobbase.io player.captivate.fm gdata.onlyfy.jobs .gdata.de .consentmanager.net www.paypal.com .criteo.com .criteo.net .onfastspring.com .saferpay.com www.youtube-nocookie.com www.google.com www.google.de .gdata.ch .gdata.fr .gdata.at .gdata.nl .gdata.it .gdata.be .gdata.es .gdata.pt .gdatasoftware.co.uk .gdatasoftware.com .gdata-software.com .gdata-advancedanalytics.de .gdata.co.jp .gdata-china.com .gdata-hongkong.com .inventorofantivirus.com www.awin1.com *.doubleclick.net bid.g.doubleclick.net tpc.googlesyndication.com fbanalytics.org m.youtube.com player.vimeo.com gdata.jobbase.io gdata-a.akamaihd.net; report-uri https://www.gdatasoftware.com/__cspreporting__
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.gdatasoftware.com/blog/2024/06/37947-badspace-backdoor
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 12 Jun 2024 16:24:01 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self' *.gdata.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata-advancedanalytics.com *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com; frame-src 'self' gdata.jobbase.io player.captivate.fm gdata.onlyfy.jobs *.gdata.de *.consentmanager.net www.paypal.com *.criteo.com *.criteo.net *.onfastspring.com *.saferpay.com www.youtube-nocookie.com www.google.com www.google.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com www.awin1.com *.doubleclick.net bid.g.doubleclick.net tpc.googlesyndication.com fbanalytics.org m.youtube.com player.vimeo.com gdata.jobbase.io gdata-a.akamaihd.net; report-uri https://www.gdatasoftware.com/__cspreporting__
last-modified: Mon, 10 Jun 2024 11:16:12 GMT
server: nginx
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
etag: W/"6666e07c-f70"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
cache-control: max-age=43200
x-xss-protection: 0
expires: Thu, 13 Jun 2024 04:24:01 GMT

GET
H2 200 menu-2019.css
www.gdatasoftware.com/typo3conf/ext/gd_sites/Resources/Public/Styles/elements/ 19 KB
5 KB 32ms
31ms Stylesheet
text/css 212.23.151.164
TMR

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gdatasoftware.com/typo3conf/ext/gd_sites/Resources/Public/Styles/elements/menu-2019.css?1718018172

Requested by

Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/blog/2024/06/37947-badspace-backdoor

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

212.23.151.164 Bochum, Germany, ASN12329 (TMR, DE),

Reverse DNS

Software

nginx /

Resource Hash

3e17d9ffedd7459d58e6c669de912c510574ec762c6c64fa599ed7e660cad7ba

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .gdata.de .gdata.ch .gdata.fr .gdata.at .gdata.nl .gdata.it .gdata.be .gdata.es .gdata.pt .gdatasoftware.co.uk .gdatasoftware.com .gdata-software.com .gdata-advancedanalytics.de .gdata-advancedanalytics.com .gdata.co.jp .gdata-china.com .gdata-hongkong.com .inventorofantivirus.com; frame-src 'self' gdata.jobbase.io player.captivate.fm gdata.onlyfy.jobs .gdata.de .consentmanager.net www.paypal.com .criteo.com .criteo.net .onfastspring.com .saferpay.com www.youtube-nocookie.com www.google.com www.google.de .gdata.ch .gdata.fr .gdata.at .gdata.nl .gdata.it .gdata.be .gdata.es .gdata.pt .gdatasoftware.co.uk .gdatasoftware.com .gdata-software.com .gdata-advancedanalytics.de .gdata.co.jp .gdata-china.com .gdata-hongkong.com .inventorofantivirus.com www.awin1.com *.doubleclick.net bid.g.doubleclick.net tpc.googlesyndication.com fbanalytics.org m.youtube.com player.vimeo.com gdata.jobbase.io gdata-a.akamaihd.net; report-uri https://www.gdatasoftware.com/__cspreporting__
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.gdatasoftware.com/blog/2024/06/37947-badspace-backdoor
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 12 Jun 2024 16:24:01 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self' *.gdata.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata-advancedanalytics.com *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com; frame-src 'self' gdata.jobbase.io player.captivate.fm gdata.onlyfy.jobs *.gdata.de *.consentmanager.net www.paypal.com *.criteo.com *.criteo.net *.onfastspring.com *.saferpay.com www.youtube-nocookie.com www.google.com www.google.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com www.awin1.com *.doubleclick.net bid.g.doubleclick.net tpc.googlesyndication.com fbanalytics.org m.youtube.com player.vimeo.com gdata.jobbase.io gdata-a.akamaihd.net; report-uri https://www.gdatasoftware.com/__cspreporting__
last-modified: Mon, 10 Jun 2024 11:16:12 GMT
server: nginx
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
etag: W/"6666e07c-4ae8"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
cache-control: max-age=43200
x-xss-protection: 0
expires: Thu, 13 Jun 2024 04:24:01 GMT

GET
H2 200 blogpage.css
www.gdatasoftware.com/typo3conf/ext/gd_sites/Resources/Public/Styles/assets/ 15 KB
4 KB 31ms
31ms Stylesheet
text/css 212.23.151.164
TMR

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gdatasoftware.com/typo3conf/ext/gd_sites/Resources/Public/Styles/assets/blogpage.css?1718018172

Requested by

Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/blog/2024/06/37947-badspace-backdoor

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

212.23.151.164 Bochum, Germany, ASN12329 (TMR, DE),

Reverse DNS

Software

nginx /

Resource Hash

e269f4a039beda664bcd9294fe3f36f6ebfdf31dc2c02bee383f47ae67003af8

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .gdata.de .gdata.ch .gdata.fr .gdata.at .gdata.nl .gdata.it .gdata.be .gdata.es .gdata.pt .gdatasoftware.co.uk .gdatasoftware.com .gdata-software.com .gdata-advancedanalytics.de .gdata-advancedanalytics.com .gdata.co.jp .gdata-china.com .gdata-hongkong.com .inventorofantivirus.com; frame-src 'self' gdata.jobbase.io player.captivate.fm gdata.onlyfy.jobs .gdata.de .consentmanager.net www.paypal.com .criteo.com .criteo.net .onfastspring.com .saferpay.com www.youtube-nocookie.com www.google.com www.google.de .gdata.ch .gdata.fr .gdata.at .gdata.nl .gdata.it .gdata.be .gdata.es .gdata.pt .gdatasoftware.co.uk .gdatasoftware.com .gdata-software.com .gdata-advancedanalytics.de .gdata.co.jp .gdata-china.com .gdata-hongkong.com .inventorofantivirus.com www.awin1.com *.doubleclick.net bid.g.doubleclick.net tpc.googlesyndication.com fbanalytics.org m.youtube.com player.vimeo.com gdata.jobbase.io gdata-a.akamaihd.net; report-uri https://www.gdatasoftware.com/__cspreporting__
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.gdatasoftware.com/blog/2024/06/37947-badspace-backdoor
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 12 Jun 2024 16:24:01 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self' *.gdata.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata-advancedanalytics.com *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com; frame-src 'self' gdata.jobbase.io player.captivate.fm gdata.onlyfy.jobs *.gdata.de *.consentmanager.net www.paypal.com *.criteo.com *.criteo.net *.onfastspring.com *.saferpay.com www.youtube-nocookie.com www.google.com www.google.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com www.awin1.com *.doubleclick.net bid.g.doubleclick.net tpc.googlesyndication.com fbanalytics.org m.youtube.com player.vimeo.com gdata.jobbase.io gdata-a.akamaihd.net; report-uri https://www.gdatasoftware.com/__cspreporting__
last-modified: Mon, 10 Jun 2024 11:16:12 GMT
server: nginx
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
etag: W/"6666e07c-3c29"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
cache-control: max-age=43200
x-xss-protection: 0
expires: Thu, 13 Jun 2024 04:24:01 GMT

GET
H2 200 logo-for-dark.svg
www.gdatasoftware.com/typo3conf/ext/gd_sites/Resources/Public/Images/ 3 KB
3 KB 32ms
31ms Image
image/svg+xml 212.23.151.164
TMR

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gdatasoftware.com/typo3conf/ext/gd_sites/Resources/Public/Images/logo-for-dark.svg

Requested by

Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/blog/2024/06/37947-badspace-backdoor

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

212.23.151.164 Bochum, Germany, ASN12329 (TMR, DE),

Reverse DNS

Software

nginx /

Resource Hash

5bd5ebcf03a341e616a7b8361cf09a193e9e4b96fda68c679a6c53a07f5c31bb

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .gdata.de .gdata.ch .gdata.fr .gdata.at .gdata.nl .gdata.it .gdata.be .gdata.es .gdata.pt .gdatasoftware.co.uk .gdatasoftware.com .gdata-software.com .gdata-advancedanalytics.de .gdata-advancedanalytics.com .gdata.co.jp .gdata-china.com .gdata-hongkong.com .inventorofantivirus.com; frame-src 'self' gdata.jobbase.io player.captivate.fm gdata.onlyfy.jobs .gdata.de .consentmanager.net www.paypal.com .criteo.com .criteo.net .onfastspring.com .saferpay.com www.youtube-nocookie.com www.google.com www.google.de .gdata.ch .gdata.fr .gdata.at .gdata.nl .gdata.it .gdata.be .gdata.es .gdata.pt .gdatasoftware.co.uk .gdatasoftware.com .gdata-software.com .gdata-advancedanalytics.de .gdata.co.jp .gdata-china.com .gdata-hongkong.com .inventorofantivirus.com www.awin1.com *.doubleclick.net bid.g.doubleclick.net tpc.googlesyndication.com fbanalytics.org m.youtube.com player.vimeo.com gdata.jobbase.io gdata-a.akamaihd.net; report-uri https://www.gdatasoftware.com/__cspreporting__
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.gdatasoftware.com/blog/2024/06/37947-badspace-backdoor
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 12 Jun 2024 16:24:01 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self' *.gdata.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata-advancedanalytics.com *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com; frame-src 'self' gdata.jobbase.io player.captivate.fm gdata.onlyfy.jobs *.gdata.de *.consentmanager.net www.paypal.com *.criteo.com *.criteo.net *.onfastspring.com *.saferpay.com www.youtube-nocookie.com www.google.com www.google.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com www.awin1.com *.doubleclick.net bid.g.doubleclick.net tpc.googlesyndication.com fbanalytics.org m.youtube.com player.vimeo.com gdata.jobbase.io gdata-a.akamaihd.net; report-uri https://www.gdatasoftware.com/__cspreporting__
last-modified: Mon, 10 Jun 2024 11:16:12 GMT
server: nginx
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
etag: W/"6666e07c-d6f"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
cache-control: max-age=3628800
x-xss-protection: 0
expires: Wed, 24 Jul 2024 16:24:01 GMT

GET
H2 200 DE.svg
www.gdatasoftware.com/typo3conf/ext/gd_sites/Resources/Public/Images/Flags/ 966 B
2 KB 35ms
35ms Image
image/svg+xml 212.23.151.164
TMR

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gdatasoftware.com/typo3conf/ext/gd_sites/Resources/Public/Images/Flags/DE.svg

Requested by

Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/blog/2024/06/37947-badspace-backdoor

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

212.23.151.164 Bochum, Germany, ASN12329 (TMR, DE),

Reverse DNS

Software

nginx /

Resource Hash

19d66a51d12c87c2c254f61d3dc66f4765bc852b03138e4b38ed5fbc3dd01d19

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .gdata.de .gdata.ch .gdata.fr .gdata.at .gdata.nl .gdata.it .gdata.be .gdata.es .gdata.pt .gdatasoftware.co.uk .gdatasoftware.com .gdata-software.com .gdata-advancedanalytics.de .gdata-advancedanalytics.com .gdata.co.jp .gdata-china.com .gdata-hongkong.com .inventorofantivirus.com; frame-src 'self' gdata.jobbase.io player.captivate.fm gdata.onlyfy.jobs .gdata.de .consentmanager.net www.paypal.com .criteo.com .criteo.net .onfastspring.com .saferpay.com www.youtube-nocookie.com www.google.com www.google.de .gdata.ch .gdata.fr .gdata.at .gdata.nl .gdata.it .gdata.be .gdata.es .gdata.pt .gdatasoftware.co.uk .gdatasoftware.com .gdata-software.com .gdata-advancedanalytics.de .gdata.co.jp .gdata-china.com .gdata-hongkong.com .inventorofantivirus.com www.awin1.com *.doubleclick.net bid.g.doubleclick.net tpc.googlesyndication.com fbanalytics.org m.youtube.com player.vimeo.com gdata.jobbase.io gdata-a.akamaihd.net; report-uri https://www.gdatasoftware.com/__cspreporting__
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.gdatasoftware.com/blog/2024/06/37947-badspace-backdoor
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 12 Jun 2024 16:24:01 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self' *.gdata.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata-advancedanalytics.com *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com; frame-src 'self' gdata.jobbase.io player.captivate.fm gdata.onlyfy.jobs *.gdata.de *.consentmanager.net www.paypal.com *.criteo.com *.criteo.net *.onfastspring.com *.saferpay.com www.youtube-nocookie.com www.google.com www.google.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com www.awin1.com *.doubleclick.net bid.g.doubleclick.net tpc.googlesyndication.com fbanalytics.org m.youtube.com player.vimeo.com gdata.jobbase.io gdata-a.akamaihd.net; report-uri https://www.gdatasoftware.com/__cspreporting__
last-modified: Mon, 10 Jun 2024 11:16:12 GMT
server: nginx
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
etag: W/"6666e07c-3c6"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
cache-control: max-age=3628800
x-xss-protection: 0
expires: Wed, 24 Jul 2024 16:24:01 GMT

GET
H2 200 anna_lvova_1936740544.jpg
www.gdatasoftware.com/fileadmin/_processed_/3/7/ 4 KB
5 KB 55ms
55ms Image
image/jpeg 212.23.151.164
TMR

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gdatasoftware.com/fileadmin/_processed_/3/7/anna_lvova_1936740544.jpg

Requested by

Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/blog/2024/06/37947-badspace-backdoor

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

212.23.151.164 Bochum, Germany, ASN12329 (TMR, DE),

Reverse DNS

Software

nginx /

Resource Hash

66b2ad78e9c125aa2a73010625f5d43b3b2d2648624881015ca07b9eec40cc8c

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .gdata.de .gdata.ch .gdata.fr .gdata.at .gdata.nl .gdata.it .gdata.be .gdata.es .gdata.pt .gdatasoftware.co.uk .gdatasoftware.com .gdata-software.com .gdata-advancedanalytics.de .gdata-advancedanalytics.com .gdata.co.jp .gdata-china.com .gdata-hongkong.com .inventorofantivirus.com; frame-src 'self' gdata.jobbase.io player.captivate.fm gdata.onlyfy.jobs .gdata.de .consentmanager.net www.paypal.com .criteo.com .criteo.net .onfastspring.com .saferpay.com www.youtube-nocookie.com www.google.com www.google.de .gdata.ch .gdata.fr .gdata.at .gdata.nl .gdata.it .gdata.be .gdata.es .gdata.pt .gdatasoftware.co.uk .gdatasoftware.com .gdata-software.com .gdata-advancedanalytics.de .gdata.co.jp .gdata-china.com .gdata-hongkong.com .inventorofantivirus.com www.awin1.com *.doubleclick.net bid.g.doubleclick.net tpc.googlesyndication.com fbanalytics.org m.youtube.com player.vimeo.com gdata.jobbase.io gdata-a.akamaihd.net; report-uri https://www.gdatasoftware.com/__cspreporting__
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.gdatasoftware.com/blog/2024/06/37947-badspace-backdoor
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 12 Jun 2024 16:24:01 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self' *.gdata.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata-advancedanalytics.com *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com; frame-src 'self' gdata.jobbase.io player.captivate.fm gdata.onlyfy.jobs *.gdata.de *.consentmanager.net www.paypal.com *.criteo.com *.criteo.net *.onfastspring.com *.saferpay.com www.youtube-nocookie.com www.google.com www.google.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com www.awin1.com *.doubleclick.net bid.g.doubleclick.net tpc.googlesyndication.com fbanalytics.org m.youtube.com player.vimeo.com gdata.jobbase.io gdata-a.akamaihd.net; report-uri https://www.gdatasoftware.com/__cspreporting__
last-modified: Mon, 20 Nov 2023 12:59:54 GMT
server: nginx
referrer-policy: no-referrer-when-downgrade
etag: "655b584a-10f2"
x-frame-options: SAMEORIGIN
content-type: image/jpeg
cache-control: max-age=3628800
accept-ranges: bytes
content-length: 4338
x-xss-protection: 0
expires: Wed, 24 Jul 2024 16:24:01 GMT

GET
H2 200 hahn_karsten_abecee0563.jpg
www.gdatasoftware.com/fileadmin/_processed_/0/d/ 4 KB
5 KB 57ms
57ms Image
image/jpeg 212.23.151.164
TMR

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gdatasoftware.com/fileadmin/_processed_/0/d/hahn_karsten_abecee0563.jpg

Requested by

Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/blog/2024/06/37947-badspace-backdoor

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

212.23.151.164 Bochum, Germany, ASN12329 (TMR, DE),

Reverse DNS

Software

nginx /

Resource Hash

2fbb32a9d8d552b87d7b0011dd665a0910945fcfe2edfa002437953d793fab4a

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .gdata.de .gdata.ch .gdata.fr .gdata.at .gdata.nl .gdata.it .gdata.be .gdata.es .gdata.pt .gdatasoftware.co.uk .gdatasoftware.com .gdata-software.com .gdata-advancedanalytics.de .gdata-advancedanalytics.com .gdata.co.jp .gdata-china.com .gdata-hongkong.com .inventorofantivirus.com; frame-src 'self' gdata.jobbase.io player.captivate.fm gdata.onlyfy.jobs .gdata.de .consentmanager.net www.paypal.com .criteo.com .criteo.net .onfastspring.com .saferpay.com www.youtube-nocookie.com www.google.com www.google.de .gdata.ch .gdata.fr .gdata.at .gdata.nl .gdata.it .gdata.be .gdata.es .gdata.pt .gdatasoftware.co.uk .gdatasoftware.com .gdata-software.com .gdata-advancedanalytics.de .gdata.co.jp .gdata-china.com .gdata-hongkong.com .inventorofantivirus.com www.awin1.com *.doubleclick.net bid.g.doubleclick.net tpc.googlesyndication.com fbanalytics.org m.youtube.com player.vimeo.com gdata.jobbase.io gdata-a.akamaihd.net; report-uri https://www.gdatasoftware.com/__cspreporting__
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.gdatasoftware.com/blog/2024/06/37947-badspace-backdoor
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 12 Jun 2024 16:24:01 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self' *.gdata.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata-advancedanalytics.com *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com; frame-src 'self' gdata.jobbase.io player.captivate.fm gdata.onlyfy.jobs *.gdata.de *.consentmanager.net www.paypal.com *.criteo.com *.criteo.net *.onfastspring.com *.saferpay.com www.youtube-nocookie.com www.google.com www.google.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com www.awin1.com *.doubleclick.net bid.g.doubleclick.net tpc.googlesyndication.com fbanalytics.org m.youtube.com player.vimeo.com gdata.jobbase.io gdata-a.akamaihd.net; report-uri https://www.gdatasoftware.com/__cspreporting__
last-modified: Mon, 28 Nov 2022 12:07:54 GMT
server: nginx
referrer-policy: no-referrer-when-downgrade
etag: "6384a49a-107a"
x-frame-options: SAMEORIGIN
content-type: image/jpeg
cache-control: max-age=3628800
accept-ranges: bytes
content-length: 4218
x-xss-protection: 0
expires: Wed, 24 Jul 2024 16:24:01 GMT

GET
H2 200 merged-4765c63cae02d518c29485f072146866.js Show response
www.gdatasoftware.com/typo3temp/assets/compressed/ 382 KB
122 KB 58ms
53ms Script
application/javascript 212.23.151.164
TMR

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gdatasoftware.com/typo3temp/assets/compressed/merged-4765c63cae02d518c29485f072146866.js?1718085116

Requested by

Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/blog/2024/06/37947-badspace-backdoor

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

212.23.151.164 Bochum, Germany, ASN12329 (TMR, DE),

Reverse DNS

Software

nginx /

Resource Hash

2920a6ee25c03afde8a0332e7fefe7a3e86594975e70584ab4d91aae2ea62bb0

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .gdata.de .gdata.ch .gdata.fr .gdata.at .gdata.nl .gdata.it .gdata.be .gdata.es .gdata.pt .gdatasoftware.co.uk .gdatasoftware.com .gdata-software.com .gdata-advancedanalytics.de .gdata-advancedanalytics.com .gdata.co.jp .gdata-china.com .gdata-hongkong.com .inventorofantivirus.com; frame-src 'self' gdata.jobbase.io player.captivate.fm gdata.onlyfy.jobs .gdata.de .consentmanager.net www.paypal.com .criteo.com .criteo.net .onfastspring.com .saferpay.com www.youtube-nocookie.com www.google.com www.google.de .gdata.ch .gdata.fr .gdata.at .gdata.nl .gdata.it .gdata.be .gdata.es .gdata.pt .gdatasoftware.co.uk .gdatasoftware.com .gdata-software.com .gdata-advancedanalytics.de .gdata.co.jp .gdata-china.com .gdata-hongkong.com .inventorofantivirus.com www.awin1.com *.doubleclick.net bid.g.doubleclick.net tpc.googlesyndication.com fbanalytics.org m.youtube.com player.vimeo.com gdata.jobbase.io gdata-a.akamaihd.net; report-uri https://www.gdatasoftware.com/__cspreporting__
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.gdatasoftware.com/blog/2024/06/37947-badspace-backdoor
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 12 Jun 2024 16:24:01 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self' *.gdata.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata-advancedanalytics.com *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com; frame-src 'self' gdata.jobbase.io player.captivate.fm gdata.onlyfy.jobs *.gdata.de *.consentmanager.net www.paypal.com *.criteo.com *.criteo.net *.onfastspring.com *.saferpay.com www.youtube-nocookie.com www.google.com www.google.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com www.awin1.com *.doubleclick.net bid.g.doubleclick.net tpc.googlesyndication.com fbanalytics.org m.youtube.com player.vimeo.com gdata.jobbase.io gdata-a.akamaihd.net; report-uri https://www.gdatasoftware.com/__cspreporting__
last-modified: Tue, 11 Jun 2024 05:51:56 GMT
server: nginx
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
etag: W/"6667e5fc-5f9b0"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
cache-control: max-age=43200
x-xss-protection: 0
expires: Thu, 13 Jun 2024 04:24:01 GMT

GET
H2 200 gd-mainmenu-2019.js Show response
www.gdatasoftware.com/typo3conf/ext/gd_sites/Resources/Public/JavaScript/ 5 KB
2 KB 30ms
29ms Script
application/javascript 212.23.151.164
TMR

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gdatasoftware.com/typo3conf/ext/gd_sites/Resources/Public/JavaScript/gd-mainmenu-2019.js?1718018172

Requested by

Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/blog/2024/06/37947-badspace-backdoor

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

212.23.151.164 Bochum, Germany, ASN12329 (TMR, DE),

Reverse DNS

Software

nginx /

Resource Hash

7a7abe196a5d8d760adbec74b6dcf7af2f35c91a06b4e033928ee5c03dfb7e9b

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .gdata.de .gdata.ch .gdata.fr .gdata.at .gdata.nl .gdata.it .gdata.be .gdata.es .gdata.pt .gdatasoftware.co.uk .gdatasoftware.com .gdata-software.com .gdata-advancedanalytics.de .gdata-advancedanalytics.com .gdata.co.jp .gdata-china.com .gdata-hongkong.com .inventorofantivirus.com; frame-src 'self' gdata.jobbase.io player.captivate.fm gdata.onlyfy.jobs .gdata.de .consentmanager.net www.paypal.com .criteo.com .criteo.net .onfastspring.com .saferpay.com www.youtube-nocookie.com www.google.com www.google.de .gdata.ch .gdata.fr .gdata.at .gdata.nl .gdata.it .gdata.be .gdata.es .gdata.pt .gdatasoftware.co.uk .gdatasoftware.com .gdata-software.com .gdata-advancedanalytics.de .gdata.co.jp .gdata-china.com .gdata-hongkong.com .inventorofantivirus.com www.awin1.com *.doubleclick.net bid.g.doubleclick.net tpc.googlesyndication.com fbanalytics.org m.youtube.com player.vimeo.com gdata.jobbase.io gdata-a.akamaihd.net; report-uri https://www.gdatasoftware.com/__cspreporting__
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.gdatasoftware.com/blog/2024/06/37947-badspace-backdoor
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 12 Jun 2024 16:24:01 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self' *.gdata.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata-advancedanalytics.com *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com; frame-src 'self' gdata.jobbase.io player.captivate.fm gdata.onlyfy.jobs *.gdata.de *.consentmanager.net www.paypal.com *.criteo.com *.criteo.net *.onfastspring.com *.saferpay.com www.youtube-nocookie.com www.google.com www.google.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com www.awin1.com *.doubleclick.net bid.g.doubleclick.net tpc.googlesyndication.com fbanalytics.org m.youtube.com player.vimeo.com gdata.jobbase.io gdata-a.akamaihd.net; report-uri https://www.gdatasoftware.com/__cspreporting__
last-modified: Mon, 10 Jun 2024 11:16:12 GMT
server: nginx
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
etag: W/"6666e07c-128e"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
cache-control: max-age=43200
x-xss-protection: 0
expires: Thu, 13 Jun 2024 04:24:01 GMT

GET
H2 200 gd-guidebook.js Show response
www.gdatasoftware.com/typo3conf/ext/gd_pagenews/Resources/Public/JavaScript/ 2 KB
2 KB 58ms
58ms Script
application/javascript 212.23.151.164
TMR

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gdatasoftware.com/typo3conf/ext/gd_pagenews/Resources/Public/JavaScript/gd-guidebook.js?1718018172

Requested by

Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/blog/2024/06/37947-badspace-backdoor

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

212.23.151.164 Bochum, Germany, ASN12329 (TMR, DE),

Reverse DNS

Software

nginx /

Resource Hash

eaee182f99fdf2d211c29221098ce1d2a326f78ee7126ce481d0c139e91b0d01

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .gdata.de .gdata.ch .gdata.fr .gdata.at .gdata.nl .gdata.it .gdata.be .gdata.es .gdata.pt .gdatasoftware.co.uk .gdatasoftware.com .gdata-software.com .gdata-advancedanalytics.de .gdata-advancedanalytics.com .gdata.co.jp .gdata-china.com .gdata-hongkong.com .inventorofantivirus.com; frame-src 'self' gdata.jobbase.io player.captivate.fm gdata.onlyfy.jobs .gdata.de .consentmanager.net www.paypal.com .criteo.com .criteo.net .onfastspring.com .saferpay.com www.youtube-nocookie.com www.google.com www.google.de .gdata.ch .gdata.fr .gdata.at .gdata.nl .gdata.it .gdata.be .gdata.es .gdata.pt .gdatasoftware.co.uk .gdatasoftware.com .gdata-software.com .gdata-advancedanalytics.de .gdata.co.jp .gdata-china.com .gdata-hongkong.com .inventorofantivirus.com www.awin1.com *.doubleclick.net bid.g.doubleclick.net tpc.googlesyndication.com fbanalytics.org m.youtube.com player.vimeo.com gdata.jobbase.io gdata-a.akamaihd.net; report-uri https://www.gdatasoftware.com/__cspreporting__
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.gdatasoftware.com/blog/2024/06/37947-badspace-backdoor
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 12 Jun 2024 16:24:01 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self' *.gdata.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata-advancedanalytics.com *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com; frame-src 'self' gdata.jobbase.io player.captivate.fm gdata.onlyfy.jobs *.gdata.de *.consentmanager.net www.paypal.com *.criteo.com *.criteo.net *.onfastspring.com *.saferpay.com www.youtube-nocookie.com www.google.com www.google.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com www.awin1.com *.doubleclick.net bid.g.doubleclick.net tpc.googlesyndication.com fbanalytics.org m.youtube.com player.vimeo.com gdata.jobbase.io gdata-a.akamaihd.net; report-uri https://www.gdatasoftware.com/__cspreporting__
last-modified: Mon, 10 Jun 2024 11:16:12 GMT
server: nginx
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
etag: W/"6666e07c-955"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
cache-control: max-age=43200
x-xss-protection: 0
expires: Thu, 13 Jun 2024 04:24:01 GMT

GET
H2 200 G_DATA_Blog_Badspace_Header.jpg
www.gdatasoftware.com/fileadmin/user_upload/Presse/Deutschland/2024/06/ 733 KB
735 KB 56ms
56ms Image
image/jpeg 212.23.151.164
TMR

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gdatasoftware.com/fileadmin/user_upload/Presse/Deutschland/2024/06/G_DATA_Blog_Badspace_Header.jpg

Requested by

Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/blog/2024/06/37947-badspace-backdoor

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

212.23.151.164 Bochum, Germany, ASN12329 (TMR, DE),

Reverse DNS

Software

nginx /

Resource Hash

fd1d3a5290f359c07e822c17a6a8cb10286ae3299292a11ca4713b541228730a

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .gdata.de .gdata.ch .gdata.fr .gdata.at .gdata.nl .gdata.it .gdata.be .gdata.es .gdata.pt .gdatasoftware.co.uk .gdatasoftware.com .gdata-software.com .gdata-advancedanalytics.de .gdata-advancedanalytics.com .gdata.co.jp .gdata-china.com .gdata-hongkong.com .inventorofantivirus.com; frame-src 'self' gdata.jobbase.io player.captivate.fm gdata.onlyfy.jobs .gdata.de .consentmanager.net www.paypal.com .criteo.com .criteo.net .onfastspring.com .saferpay.com www.youtube-nocookie.com www.google.com www.google.de .gdata.ch .gdata.fr .gdata.at .gdata.nl .gdata.it .gdata.be .gdata.es .gdata.pt .gdatasoftware.co.uk .gdatasoftware.com .gdata-software.com .gdata-advancedanalytics.de .gdata.co.jp .gdata-china.com .gdata-hongkong.com .inventorofantivirus.com www.awin1.com *.doubleclick.net bid.g.doubleclick.net tpc.googlesyndication.com fbanalytics.org m.youtube.com player.vimeo.com gdata.jobbase.io gdata-a.akamaihd.net; report-uri https://www.gdatasoftware.com/__cspreporting__
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.gdatasoftware.com/blog/2024/06/37947-badspace-backdoor
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 12 Jun 2024 16:24:01 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self' *.gdata.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata-advancedanalytics.com *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com; frame-src 'self' gdata.jobbase.io player.captivate.fm gdata.onlyfy.jobs *.gdata.de *.consentmanager.net www.paypal.com *.criteo.com *.criteo.net *.onfastspring.com *.saferpay.com www.youtube-nocookie.com www.google.com www.google.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com www.awin1.com *.doubleclick.net bid.g.doubleclick.net tpc.googlesyndication.com fbanalytics.org m.youtube.com player.vimeo.com gdata.jobbase.io gdata-a.akamaihd.net; report-uri https://www.gdatasoftware.com/__cspreporting__
last-modified: Wed, 12 Jun 2024 11:38:36 GMT
server: nginx
referrer-policy: no-referrer-when-downgrade
etag: "666988bc-b72fa"
x-frame-options: SAMEORIGIN
content-type: image/jpeg
cache-control: max-age=3628800
accept-ranges: bytes
content-length: 750330
x-xss-protection: 0
expires: Wed, 24 Jul 2024 16:24:01 GMT

GET
H2 200 source-sans-pro-v13-latin-ext_latin-regular.woff2
www.gdatasoftware.com/typo3conf/ext/gd_sites/Resources/Public/Styles/font/source-sans-pro/ 25 KB
25 KB 115ms
114ms Font
application/octet-stream 212.23.151.164
TMR

General

Check archive.org

Show headers Download Go to

Full URL: https://www.gdatasoftware.com/typo3conf/ext/gd_sites/Resources/Public/Styles/font/source-sans-pro/source-sans-pro-v13-latin-ext_latin-regular.woff2
Requested by: Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/typo3conf/ext/gd_sites/Resources/Public/Styles/font/source-sans-pro.css?1718018172
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 212.23.151.164 Bochum, Germany, ASN12329 (TMR, DE),
Reverse DNS
Software: nginx /
Resource Hash: 72e086ecb5eed26e489b633ce3a7a85522747d8583852bf8756e290fec0f3d3b

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.gdatasoftware.com/typo3conf/ext/gd_sites/Resources/Public/Styles/font/source-sans-pro.css?1718018172
Origin: https://www.gdatasoftware.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 12 Jun 2024 16:24:01 GMT
last-modified: Mon, 10 Jun 2024 11:16:12 GMT
server: nginx
etag: "6666e07c-6438"
content-type: application/octet-stream
access-control-allow-origin: https://www.gdatasoftware.com
accept-ranges: bytes
content-length: 25656

GET
H2 200 gcon1-991.ttf
www.gdatasoftware.com/typo3conf/ext/gd_sites/Resources/Public/Styles/font/ 116 KB
117 KB 114ms
114ms Font
application/octet-stream 212.23.151.164
TMR

General

Check archive.org

Show headers Download Go to

Full URL: https://www.gdatasoftware.com/typo3conf/ext/gd_sites/Resources/Public/Styles/font/gcon1-991.ttf?w2aerhgm
Requested by: Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/typo3conf/ext/gd_sites/Resources/Public/Styles/font/gcon.css?1718018172
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 212.23.151.164 Bochum, Germany, ASN12329 (TMR, DE),
Reverse DNS
Software: nginx /
Resource Hash: 5e5d46c22d87bff9d49018172f5764cb39ebcd228577ad17229a7dc67ee65198

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.gdatasoftware.com/typo3conf/ext/gd_sites/Resources/Public/Styles/font/gcon.css?1718018172
Origin: https://www.gdatasoftware.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 12 Jun 2024 16:24:01 GMT
last-modified: Mon, 10 Jun 2024 11:16:12 GMT
server: nginx
etag: "6666e07c-1d0f4"
content-type: application/octet-stream
access-control-allow-origin: https://www.gdatasoftware.com
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 119028
expires: Thu, 12 Jun 2025 16:24:01 GMT

GET
H2 200 source-sans-pro-v13-latin-ext_latin-300.woff2
www.gdatasoftware.com/typo3conf/ext/gd_sites/Resources/Public/Styles/font/source-sans-pro/ 25 KB
25 KB 116ms
115ms Font
application/octet-stream 212.23.151.164
TMR

General

Check archive.org

Show headers Download Go to

Full URL: https://www.gdatasoftware.com/typo3conf/ext/gd_sites/Resources/Public/Styles/font/source-sans-pro/source-sans-pro-v13-latin-ext_latin-300.woff2
Requested by: Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/typo3conf/ext/gd_sites/Resources/Public/Styles/font/source-sans-pro.css?1718018172
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 212.23.151.164 Bochum, Germany, ASN12329 (TMR, DE),
Reverse DNS
Software: nginx /
Resource Hash: 9d20a8fc1de189bad815a78bd3a36550412788bc1d8e6f2d7eba6bb18bc901a2

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.gdatasoftware.com/typo3conf/ext/gd_sites/Resources/Public/Styles/font/source-sans-pro.css?1718018172
Origin: https://www.gdatasoftware.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 12 Jun 2024 16:24:01 GMT
last-modified: Mon, 10 Jun 2024 11:16:12 GMT
server: nginx
etag: "6666e07c-6474"
content-type: application/octet-stream
access-control-allow-origin: https://www.gdatasoftware.com
accept-ranges: bytes
content-length: 25716

GET
H2 200 source-sans-pro-v13-latin-ext_latin-600.woff2
www.gdatasoftware.com/typo3conf/ext/gd_sites/Resources/Public/Styles/font/source-sans-pro/ 25 KB
25 KB 116ms
115ms Font
application/octet-stream 212.23.151.164
TMR

General

Check archive.org

Show headers Download Go to

Full URL: https://www.gdatasoftware.com/typo3conf/ext/gd_sites/Resources/Public/Styles/font/source-sans-pro/source-sans-pro-v13-latin-ext_latin-600.woff2
Requested by: Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/typo3conf/ext/gd_sites/Resources/Public/Styles/font/source-sans-pro.css?1718018172
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 212.23.151.164 Bochum, Germany, ASN12329 (TMR, DE),
Reverse DNS
Software: nginx /
Resource Hash: 5b7ade4116e14b315421eb6e4eeabbf1a1c7301a575ee1311fb1659eaaecd6f4

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.gdatasoftware.com/typo3conf/ext/gd_sites/Resources/Public/Styles/font/source-sans-pro.css?1718018172
Origin: https://www.gdatasoftware.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 12 Jun 2024 16:24:01 GMT
last-modified: Mon, 10 Jun 2024 11:16:12 GMT
server: nginx
etag: "6666e07c-63b0"
content-type: application/octet-stream
access-control-allow-origin: https://www.gdatasoftware.com
accept-ranges: bytes
content-length: 25520

GET
H2 200 GDATA_Badspace_InfectionChain.png
www.gdatasoftware.com/fileadmin/user_upload/Presse/Deutschland/2024/06/ 107 KB
108 KB 114ms
114ms Image
image/png 212.23.151.164
TMR

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gdatasoftware.com/fileadmin/user_upload/Presse/Deutschland/2024/06/GDATA_Badspace_InfectionChain.png

Requested by

Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/blog/2024/06/37947-badspace-backdoor

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

212.23.151.164 Bochum, Germany, ASN12329 (TMR, DE),

Reverse DNS

Software

nginx /

Resource Hash

25505d3de5377f4666eefd180acee39dfd4fe86e96408f32b1600aec5e59dc9c

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .gdata.de .gdata.ch .gdata.fr .gdata.at .gdata.nl .gdata.it .gdata.be .gdata.es .gdata.pt .gdatasoftware.co.uk .gdatasoftware.com .gdata-software.com .gdata-advancedanalytics.de .gdata-advancedanalytics.com .gdata.co.jp .gdata-china.com .gdata-hongkong.com .inventorofantivirus.com; frame-src 'self' gdata.jobbase.io player.captivate.fm gdata.onlyfy.jobs .gdata.de .consentmanager.net www.paypal.com .criteo.com .criteo.net .onfastspring.com .saferpay.com www.youtube-nocookie.com www.google.com www.google.de .gdata.ch .gdata.fr .gdata.at .gdata.nl .gdata.it .gdata.be .gdata.es .gdata.pt .gdatasoftware.co.uk .gdatasoftware.com .gdata-software.com .gdata-advancedanalytics.de .gdata.co.jp .gdata-china.com .gdata-hongkong.com .inventorofantivirus.com www.awin1.com *.doubleclick.net bid.g.doubleclick.net tpc.googlesyndication.com fbanalytics.org m.youtube.com player.vimeo.com gdata.jobbase.io gdata-a.akamaihd.net; report-uri https://www.gdatasoftware.com/__cspreporting__
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.gdatasoftware.com/blog/2024/06/37947-badspace-backdoor
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 12 Jun 2024 16:24:01 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self' *.gdata.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata-advancedanalytics.com *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com; frame-src 'self' gdata.jobbase.io player.captivate.fm gdata.onlyfy.jobs *.gdata.de *.consentmanager.net www.paypal.com *.criteo.com *.criteo.net *.onfastspring.com *.saferpay.com www.youtube-nocookie.com www.google.com www.google.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com www.awin1.com *.doubleclick.net bid.g.doubleclick.net tpc.googlesyndication.com fbanalytics.org m.youtube.com player.vimeo.com gdata.jobbase.io gdata-a.akamaihd.net; report-uri https://www.gdatasoftware.com/__cspreporting__
last-modified: Wed, 12 Jun 2024 11:38:36 GMT
server: nginx
referrer-policy: no-referrer-when-downgrade
etag: "666988bc-1aa1a"
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=3628800
accept-ranges: bytes
content-length: 109082
x-xss-protection: 0
expires: Wed, 24 Jul 2024 16:24:01 GMT

GET
H2 200 GDATA_Badspace_Web_infection.png
www.gdatasoftware.com/fileadmin/user_upload/Presse/Deutschland/2024/06/ 30 KB
31 KB 114ms
113ms Image
image/png 212.23.151.164
TMR

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gdatasoftware.com/fileadmin/user_upload/Presse/Deutschland/2024/06/GDATA_Badspace_Web_infection.png

Requested by

Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/blog/2024/06/37947-badspace-backdoor

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

212.23.151.164 Bochum, Germany, ASN12329 (TMR, DE),

Reverse DNS

Software

nginx /

Resource Hash

34db18423a32fefbce75ee874d051473dd8d19f1416a4d330786e78e6899d588

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .gdata.de .gdata.ch .gdata.fr .gdata.at .gdata.nl .gdata.it .gdata.be .gdata.es .gdata.pt .gdatasoftware.co.uk .gdatasoftware.com .gdata-software.com .gdata-advancedanalytics.de .gdata-advancedanalytics.com .gdata.co.jp .gdata-china.com .gdata-hongkong.com .inventorofantivirus.com; frame-src 'self' gdata.jobbase.io player.captivate.fm gdata.onlyfy.jobs .gdata.de .consentmanager.net www.paypal.com .criteo.com .criteo.net .onfastspring.com .saferpay.com www.youtube-nocookie.com www.google.com www.google.de .gdata.ch .gdata.fr .gdata.at .gdata.nl .gdata.it .gdata.be .gdata.es .gdata.pt .gdatasoftware.co.uk .gdatasoftware.com .gdata-software.com .gdata-advancedanalytics.de .gdata.co.jp .gdata-china.com .gdata-hongkong.com .inventorofantivirus.com www.awin1.com *.doubleclick.net bid.g.doubleclick.net tpc.googlesyndication.com fbanalytics.org m.youtube.com player.vimeo.com gdata.jobbase.io gdata-a.akamaihd.net; report-uri https://www.gdatasoftware.com/__cspreporting__
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.gdatasoftware.com/blog/2024/06/37947-badspace-backdoor
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 12 Jun 2024 16:24:01 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self' *.gdata.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata-advancedanalytics.com *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com; frame-src 'self' gdata.jobbase.io player.captivate.fm gdata.onlyfy.jobs *.gdata.de *.consentmanager.net www.paypal.com *.criteo.com *.criteo.net *.onfastspring.com *.saferpay.com www.youtube-nocookie.com www.google.com www.google.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com www.awin1.com *.doubleclick.net bid.g.doubleclick.net tpc.googlesyndication.com fbanalytics.org m.youtube.com player.vimeo.com gdata.jobbase.io gdata-a.akamaihd.net; report-uri https://www.gdatasoftware.com/__cspreporting__
last-modified: Wed, 12 Jun 2024 11:38:36 GMT
server: nginx
referrer-policy: no-referrer-when-downgrade
etag: "666988bc-7922"
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=3628800
accept-ranges: bytes
content-length: 31010
x-xss-protection: 0
expires: Wed, 24 Jul 2024 16:24:01 GMT

GET
H2 200 GDATA_Badspace_Deobfus._mechanism_cade696dcf.png
www.gdatasoftware.com/fileadmin/_processed_/f/f/ 110 KB
111 KB 116ms
115ms Image
image/png 212.23.151.164
TMR

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gdatasoftware.com/fileadmin/_processed_/f/f/GDATA_Badspace_Deobfus._mechanism_cade696dcf.png

Requested by

Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/blog/2024/06/37947-badspace-backdoor

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

212.23.151.164 Bochum, Germany, ASN12329 (TMR, DE),

Reverse DNS

Software

nginx /

Resource Hash

c3a79be670d5d07523605e71791472dfd96bc775de87e3b947458924ce648835

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .gdata.de .gdata.ch .gdata.fr .gdata.at .gdata.nl .gdata.it .gdata.be .gdata.es .gdata.pt .gdatasoftware.co.uk .gdatasoftware.com .gdata-software.com .gdata-advancedanalytics.de .gdata-advancedanalytics.com .gdata.co.jp .gdata-china.com .gdata-hongkong.com .inventorofantivirus.com; frame-src 'self' gdata.jobbase.io player.captivate.fm gdata.onlyfy.jobs .gdata.de .consentmanager.net www.paypal.com .criteo.com .criteo.net .onfastspring.com .saferpay.com www.youtube-nocookie.com www.google.com www.google.de .gdata.ch .gdata.fr .gdata.at .gdata.nl .gdata.it .gdata.be .gdata.es .gdata.pt .gdatasoftware.co.uk .gdatasoftware.com .gdata-software.com .gdata-advancedanalytics.de .gdata.co.jp .gdata-china.com .gdata-hongkong.com .inventorofantivirus.com www.awin1.com *.doubleclick.net bid.g.doubleclick.net tpc.googlesyndication.com fbanalytics.org m.youtube.com player.vimeo.com gdata.jobbase.io gdata-a.akamaihd.net; report-uri https://www.gdatasoftware.com/__cspreporting__
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.gdatasoftware.com/blog/2024/06/37947-badspace-backdoor
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 12 Jun 2024 16:24:01 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self' *.gdata.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata-advancedanalytics.com *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com; frame-src 'self' gdata.jobbase.io player.captivate.fm gdata.onlyfy.jobs *.gdata.de *.consentmanager.net www.paypal.com *.criteo.com *.criteo.net *.onfastspring.com *.saferpay.com www.youtube-nocookie.com www.google.com www.google.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com www.awin1.com *.doubleclick.net bid.g.doubleclick.net tpc.googlesyndication.com fbanalytics.org m.youtube.com player.vimeo.com gdata.jobbase.io gdata-a.akamaihd.net; report-uri https://www.gdatasoftware.com/__cspreporting__
last-modified: Wed, 12 Jun 2024 11:39:14 GMT
server: nginx
referrer-policy: no-referrer-when-downgrade
etag: "666988e2-1b728"
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=3628800
accept-ranges: bytes
content-length: 112424
x-xss-protection: 0
expires: Wed, 24 Jul 2024 16:24:01 GMT

GET
H2 200 GDATA_Badspace_PowerShell_code.png
www.gdatasoftware.com/fileadmin/user_upload/Presse/Deutschland/2024/06/ 16 KB
17 KB 114ms
114ms Image
image/png 212.23.151.164
TMR

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gdatasoftware.com/fileadmin/user_upload/Presse/Deutschland/2024/06/GDATA_Badspace_PowerShell_code.png

Requested by

Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/blog/2024/06/37947-badspace-backdoor

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

212.23.151.164 Bochum, Germany, ASN12329 (TMR, DE),

Reverse DNS

Software

nginx /

Resource Hash

d1f37f8f55965dceb4ae9641045cdf50125223b33cc5bc22b5c6ddc0b58eb008

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .gdata.de .gdata.ch .gdata.fr .gdata.at .gdata.nl .gdata.it .gdata.be .gdata.es .gdata.pt .gdatasoftware.co.uk .gdatasoftware.com .gdata-software.com .gdata-advancedanalytics.de .gdata-advancedanalytics.com .gdata.co.jp .gdata-china.com .gdata-hongkong.com .inventorofantivirus.com; frame-src 'self' gdata.jobbase.io player.captivate.fm gdata.onlyfy.jobs .gdata.de .consentmanager.net www.paypal.com .criteo.com .criteo.net .onfastspring.com .saferpay.com www.youtube-nocookie.com www.google.com www.google.de .gdata.ch .gdata.fr .gdata.at .gdata.nl .gdata.it .gdata.be .gdata.es .gdata.pt .gdatasoftware.co.uk .gdatasoftware.com .gdata-software.com .gdata-advancedanalytics.de .gdata.co.jp .gdata-china.com .gdata-hongkong.com .inventorofantivirus.com www.awin1.com *.doubleclick.net bid.g.doubleclick.net tpc.googlesyndication.com fbanalytics.org m.youtube.com player.vimeo.com gdata.jobbase.io gdata-a.akamaihd.net; report-uri https://www.gdatasoftware.com/__cspreporting__
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.gdatasoftware.com/blog/2024/06/37947-badspace-backdoor
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 12 Jun 2024 16:24:01 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self' *.gdata.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata-advancedanalytics.com *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com; frame-src 'self' gdata.jobbase.io player.captivate.fm gdata.onlyfy.jobs *.gdata.de *.consentmanager.net www.paypal.com *.criteo.com *.criteo.net *.onfastspring.com *.saferpay.com www.youtube-nocookie.com www.google.com www.google.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com www.awin1.com *.doubleclick.net bid.g.doubleclick.net tpc.googlesyndication.com fbanalytics.org m.youtube.com player.vimeo.com gdata.jobbase.io gdata-a.akamaihd.net; report-uri https://www.gdatasoftware.com/__cspreporting__
last-modified: Wed, 12 Jun 2024 11:38:36 GMT
server: nginx
referrer-policy: no-referrer-when-downgrade
etag: "666988bc-3e0e"
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=3628800
accept-ranges: bytes
content-length: 15886
x-xss-protection: 0
expires: Wed, 24 Jul 2024 16:24:01 GMT

GET
H2 200 GDATA_Badspace_encryptedstrings.png
www.gdatasoftware.com/fileadmin/user_upload/Presse/Deutschland/2024/06/ 64 KB
65 KB 115ms
115ms Image
image/png 212.23.151.164
TMR

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gdatasoftware.com/fileadmin/user_upload/Presse/Deutschland/2024/06/GDATA_Badspace_encryptedstrings.png

Requested by

Host: www.gdatasoftware.com
URL: https://www.gdatasoftware.com/blog/2024/06/37947-badspace-backdoor

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

212.23.151.164 Bochum, Germany, ASN12329 (TMR, DE),

Reverse DNS

Software

nginx /

Resource Hash

188c3ea1e55c5d392684e4ecc57882eada91ad8b1cbbe8286aa0c5c858beff22

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .gdata.de .gdata.ch .gdata.fr .gdata.at .gdata.nl .gdata.it .gdata.be .gdata.es .gdata.pt .gdatasoftware.co.uk .gdatasoftware.com .gdata-software.com .gdata-advancedanalytics.de .gdata-advancedanalytics.com .gdata.co.jp .gdata-china.com .gdata-hongkong.com .inventorofantivirus.com; frame-src 'self' gdata.jobbase.io player.captivate.fm gdata.onlyfy.jobs .gdata.de .consentmanager.net www.paypal.com .criteo.com .criteo.net .onfastspring.com .saferpay.com www.youtube-nocookie.com www.google.com www.google.de .gdata.ch .gdata.fr .gdata.at .gdata.nl .gdata.it .gdata.be .gdata.es .gdata.pt .gdatasoftware.co.uk .gdatasoftware.com .gdata-software.com .gdata-advancedanalytics.de .gdata.co.jp .gdata-china.com .gdata-hongkong.com .inventorofantivirus.com www.awin1.com *.doubleclick.net bid.g.doubleclick.net tpc.googlesyndication.com fbanalytics.org m.youtube.com player.vimeo.com gdata.jobbase.io gdata-a.akamaihd.net; report-uri https://www.gdatasoftware.com/__cspreporting__
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.gdatasoftware.com/blog/2024/06/37947-badspace-backdoor
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 12 Jun 2024 16:24:01 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self' *.gdata.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata-advancedanalytics.com *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com; frame-src 'self' gdata.jobbase.io player.captivate.fm gdata.onlyfy.jobs *.gdata.de *.consentmanager.net www.paypal.com *.criteo.com *.criteo.net *.onfastspring.com *.saferpay.com www.youtube-nocookie.com www.google.com www.google.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com www.awin1.com *.doubleclick.net bid.g.doubleclick.net tpc.googlesyndication.com fbanalytics.org m.youtube.com player.vimeo.com gdata.jobbase.io gdata-a.akamaihd.net; report-uri https://www.gdatasoftware.com/__cspreporting__
last-modified: Wed, 12 Jun 2024 11:38:36 GMT
server: nginx
referrer-policy: no-referrer-when-downgrade
etag: "666988bc-fe6e"
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=3628800
accept-ranges: bytes
content-length: 65134
x-xss-protection: 0
expires: Wed, 24 Jul 2024 16:24:01 GMT

GET
H2 200 favicon.ico
www.gdatasoftware.com/ 4 KB
2 KB 30ms
30ms Other
image/x-icon 212.23.151.164
TMR

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gdatasoftware.com/favicon.ico

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

212.23.151.164 Bochum, Germany, ASN12329 (TMR, DE),

Reverse DNS

Software

nginx /

Resource Hash

91949d92617c19f399a1726ba3fbb060254c9165f3e8cbc931014f732d0c0222

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .gdata.de .gdata.ch .gdata.fr .gdata.at .gdata.nl .gdata.it .gdata.be .gdata.es .gdata.pt .gdatasoftware.co.uk .gdatasoftware.com .gdata-software.com .gdata-advancedanalytics.de .gdata-advancedanalytics.com .gdata.co.jp .gdata-china.com .gdata-hongkong.com .inventorofantivirus.com; frame-src 'self' gdata.jobbase.io player.captivate.fm gdata.onlyfy.jobs .gdata.de .consentmanager.net www.paypal.com .criteo.com .criteo.net .onfastspring.com .saferpay.com www.youtube-nocookie.com www.google.com www.google.de .gdata.ch .gdata.fr .gdata.at .gdata.nl .gdata.it .gdata.be .gdata.es .gdata.pt .gdatasoftware.co.uk .gdatasoftware.com .gdata-software.com .gdata-advancedanalytics.de .gdata.co.jp .gdata-china.com .gdata-hongkong.com .inventorofantivirus.com www.awin1.com *.doubleclick.net bid.g.doubleclick.net tpc.googlesyndication.com fbanalytics.org m.youtube.com player.vimeo.com gdata.jobbase.io gdata-a.akamaihd.net; report-uri https://www.gdatasoftware.com/__cspreporting__
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.gdatasoftware.com/blog/2024/06/37947-badspace-backdoor
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 12 Jun 2024 16:24:01 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self' *.gdata.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata-advancedanalytics.com *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com; frame-src 'self' gdata.jobbase.io player.captivate.fm gdata.onlyfy.jobs *.gdata.de *.consentmanager.net www.paypal.com *.criteo.com *.criteo.net *.onfastspring.com *.saferpay.com www.youtube-nocookie.com www.google.com www.google.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com www.awin1.com *.doubleclick.net bid.g.doubleclick.net tpc.googlesyndication.com fbanalytics.org m.youtube.com player.vimeo.com gdata.jobbase.io gdata-a.akamaihd.net; report-uri https://www.gdatasoftware.com/__cspreporting__
last-modified: Mon, 10 Jun 2024 11:16:12 GMT
server: nginx
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
etag: W/"6666e07c-10be"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/x-icon
cache-control: max-age=3628800
x-xss-protection: 0
expires: Wed, 24 Jul 2024 16:24:01 GMT

Verdicts & Comments Add Verdict or Comment

19 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			www.gdatasoftware.com/	1970-01-20 21:18:15	Name: GDS_utm Value: {"utm_medium":"","utm_source":"","utm_campaign":"","utm_content":"","utm_term":""}

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	frame-ancestors 'self' .gdata.de .gdata.ch .gdata.fr .gdata.at .gdata.nl .gdata.it .gdata.be .gdata.es .gdata.pt .gdatasoftware.co.uk .gdatasoftware.com .gdata-software.com .gdata-advancedanalytics.de .gdata-advancedanalytics.com .gdata.co.jp .gdata-china.com .gdata-hongkong.com .inventorofantivirus.com; frame-src 'self' gdata.jobbase.io player.captivate.fm gdata.onlyfy.jobs .gdata.de .consentmanager.net www.paypal.com .criteo.com .criteo.net .onfastspring.com .saferpay.com www.youtube-nocookie.com www.google.com www.google.de .gdata.ch .gdata.fr .gdata.at .gdata.nl .gdata.it .gdata.be .gdata.es .gdata.pt .gdatasoftware.co.uk .gdatasoftware.com .gdata-software.com .gdata-advancedanalytics.de .gdata.co.jp .gdata-china.com .gdata-hongkong.com .inventorofantivirus.com www.awin1.com *.doubleclick.net bid.g.doubleclick.net tpc.googlesyndication.com fbanalytics.org m.youtube.com player.vimeo.com gdata.jobbase.io gdata-a.akamaihd.net; report-uri https://www.gdatasoftware.com/__cspreporting__
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

www.gdatasoftware.com
212.23.151.164
12bbeb4a5c75cfa4f290f8da4a9282a835f6704b94917c5bc05d4430aa9b31dd
188c3ea1e55c5d392684e4ecc57882eada91ad8b1cbbe8286aa0c5c858beff22
19d66a51d12c87c2c254f61d3dc66f4765bc852b03138e4b38ed5fbc3dd01d19
25505d3de5377f4666eefd180acee39dfd4fe86e96408f32b1600aec5e59dc9c
2920a6ee25c03afde8a0332e7fefe7a3e86594975e70584ab4d91aae2ea62bb0
2fbb32a9d8d552b87d7b0011dd665a0910945fcfe2edfa002437953d793fab4a
34db18423a32fefbce75ee874d051473dd8d19f1416a4d330786e78e6899d588
3e17d9ffedd7459d58e6c669de912c510574ec762c6c64fa599ed7e660cad7ba
5b7ade4116e14b315421eb6e4eeabbf1a1c7301a575ee1311fb1659eaaecd6f4
5bd5ebcf03a341e616a7b8361cf09a193e9e4b96fda68c679a6c53a07f5c31bb
5e5d46c22d87bff9d49018172f5764cb39ebcd228577ad17229a7dc67ee65198
66b2ad78e9c125aa2a73010625f5d43b3b2d2648624881015ca07b9eec40cc8c
72e086ecb5eed26e489b633ce3a7a85522747d8583852bf8756e290fec0f3d3b
77f9291def17b8ae239f0f5181ad69a3923dbcc7835ba7aaa4cb1d1cb2142211
7a7abe196a5d8d760adbec74b6dcf7af2f35c91a06b4e033928ee5c03dfb7e9b
91949d92617c19f399a1726ba3fbb060254c9165f3e8cbc931014f732d0c0222
98800a414bedcaeebe2282f1727926bc683f1c0e6baccf3509bf47c7e92cacdb
9d20a8fc1de189bad815a78bd3a36550412788bc1d8e6f2d7eba6bb18bc901a2
bf96a74313c3853b9962a8674df3c13ff3583ffa6d9d937cff04f09551f5262d
c3a79be670d5d07523605e71791472dfd96bc775de87e3b947458924ce648835
d1f37f8f55965dceb4ae9641045cdf50125223b33cc5bc22b5c6ddc0b58eb008
de29fa42fdcdbc32e060d8e033322b3d0151f70e82dd08e8c9c9996e6c343dcb
e269f4a039beda664bcd9294fe3f36f6ebfdf31dc2c02bee383f47ae67003af8
eaee182f99fdf2d211c29221098ce1d2a326f78ee7126ce481d0c139e91b0d01
fd1d3a5290f359c07e822c17a6a8cb10286ae3299292a11ca4713b541228730a

www.gdatasoftware.com Open in urlscan Pro 212.23.151.164 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

25 Requests

100 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

1459 kBTransfer

1888 kBSize

1 Cookies

24 Outgoing links

Redirected requests

25 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

19 JavaScript Global Variables

1 Cookies

Security Headers

Indicators

www.gdatasoftware.com Open in urlscan Pro
212.23.151.164 Public Scan

Screenshot
Live screenshot

Full Image

25
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

1459 kB
Transfer

1888 kB
Size

1
Cookies

25 HTTP transactions
0 data transactions