Analysis
-
max time kernel
93s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system -
submitted
05-01-2025 10:49
Static task
static1
Behavioral task
behavioral1
Sample
2025-01-05_9fa984f10a6fe0b8d692e932a8407d15_frostygoop_poet-rat_snatch.exe
Resource
win7-20240729-en
General
-
Target
2025-01-05_9fa984f10a6fe0b8d692e932a8407d15_frostygoop_poet-rat_snatch.exe
-
Size
9.5MB
-
MD5
9fa984f10a6fe0b8d692e932a8407d15
-
SHA1
9cecb394f1b3aa835b25f6b87b7061352327ec1b
-
SHA256
590b47db4ed9f8a998734698caa65414ecf52d2eb98eb17febc462b9274fa0ad
-
SHA512
35f2105019f383a17435e571a86372369c91fa9cbe01a99aa8f1b0ba5ea64c9fd09f14a8fcb3eb346c34dc64933cd430502475b66b400eba4e65b2a8076573f1
-
SSDEEP
98304:IuRtIIs6Ks1Gus/JmCkdNjb1o3MK030WgFuqIwTJmk+h:Vq7kdNS8/08mJmVh
Malware Config
Extracted
lumma
https://cloudewahsj.shop/api
https://rabidcowse.shop/api
https://noisycuttej.shop/api
https://tirepublicerj.shop/api
https://framekgirus.shop/api
https://wholersorie.shop/api
https://abruptyopsn.shop/api
https://nearycrepso.shop/api
Extracted
lumma
https://abruptyopsn.shop/api
https://wholersorie.shop/api
https://framekgirus.shop/api
https://tirepublicerj.shop/api
https://noisycuttej.shop/api
https://rabidcowse.shop/api
https://cloudewahsj.shop/api
Signatures
-
Lumma family
-
Suspicious use of SetThreadContext 1 IoCs
description | pid | Process | procid_target
PID 100 set thread context of 1504 | 100 | 2025-01-05_9fa984f10a6fe0b8d692e932a8407d15_frostygoop_poet-rat_snatch.exe | 98 -
System Location Discovery: System Language Discovery 1 TTPs 2 IoCs
Attempts to gather information about the system language of the victim host in order to infer its geographical location.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | 2025-01-05_9fa984f10a6fe0b8d692e932a8407d15_frostygoop_poet-rat_snatch.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | BitLockerToGo.exe -
Suspicious use of WriteProcessMemory 9 IoCs
description | pid | Process | procid_target
PID 100 wrote to memory of 1504 | 100 | 2025-01-05_9fa984f10a6fe0b8d692e932a8407d15_frostygoop_poet-rat_snatch.exe | 98 (9 identical events)
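The three signatures above describe one chain: the sample (PID 100) starts a signed Windows binary, BitLockerToGo.exe (PID 1504), writes into it nine times and then sets a thread context in it, which is the sequence of a process-hollowing injection. The following is an added example, not the sandbox's own code, showing how a detection engineer would correlate those three event types into one finding. The events are constructed from this page's Signatures and Processes sections; the Event and Finding field names and the KNOWN_HOLLOW_HOSTS list are this example's own assumptions.

```python
"""Detect a process-hollowing chain in sandbox-style behavioural events.

Added example for this report, not the sandbox's own code.  The events below
are constructed from the Signatures and Processes sections of this page (PID
100 spawns BitLockerToGo.exe as PID 1504, writes to it nine times, then sets a
thread context in it); the Event/Finding field names are this example's own.
"""
from collections import defaultdict
from dataclasses import dataclass, field

# Signed Windows binary seen on this page as the hollowing host.  Extend from
# your own telemetry; the set is a scoring hint, not a requirement for a hit.
KNOWN_HOLLOW_HOSTS = {"bitlockertogo.exe"}


@dataclass(frozen=True)
class Event:
    kind: str        # "create", "write_memory" or "set_thread_context"
    pid: int         # acting process
    target: int      # for "create": the new child; otherwise the written process
    image: str = ""  # image path of the target (only filled on "create")


@dataclass
class Finding:
    parent: int
    child: int
    image: str
    writes: int
    technique: str = "T1055.012 Process Hollowing"   # MITRE ATT&CK sub-technique
    reasons: list = field(default_factory=list)


SAMPLE_IMAGE = r"C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe"
SAMPLE_EVENTS = (
    [Event("create", 100, 1504, SAMPLE_IMAGE)]
    + [Event("write_memory", 100, 1504)] * 9
    + [Event("set_thread_context", 100, 1504)]
)


def detect_hollowing(events, min_writes=1):
    """Return one Finding per parent/child pair showing the full chain:
    parent creates child, writes into it, then sets a thread context in it.
    The suspended-thread state at creation (the other hollowing tell) is not
    part of this report's event set, so it is not used here."""
    created = {}                 # child pid -> (parent pid, image)
    writes = defaultdict(int)    # (pid, target) -> number of writes
    ctx = set()                  # (pid, target) pairs with SetThreadContext
    for e in events:
        if e.kind == "create":
            created[e.target] = (e.pid, e.image)
        elif e.kind == "write_memory":
            writes[(e.pid, e.target)] += 1
        elif e.kind == "set_thread_context":
            ctx.add((e.pid, e.target))

    findings = []
    for (pid, target), n in writes.items():
        if (pid, target) not in ctx or n < min_writes:
            continue        # writes alone, or a context change alone, are not enough
        parent, image = created.get(target, (None, ""))
        if parent != pid:
            continue        # injection into a process it did not create is a different pattern
        f = Finding(pid, target, image, n)
        f.reasons.append(f"parent {pid} created {target}, wrote to it {n}x, then set its thread context")
        base = image.rsplit("\\", 1)[-1].lower()
        if base in KNOWN_HOLLOW_HOSTS:
            f.reasons.append(f"{base} is a signed Windows binary commonly used as a hollowing host")
        findings.append(f)
    return findings


if __name__ == "__main__":
    for f in detect_hollowing(SAMPLE_EVENTS):
        print(f.technique, f.parent, "->", f.child, f.image, f.reasons)
```

The parent-equals-creator check matters: a WriteProcessMemory plus SetThreadContext into a process the writer did not spawn is still worth alerting on, but it is a thread-hijacking pattern rather than hollowing, and the two deserve separate rules and separate ATT&CK mappings.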
Processes
-
C:\Users\Admin\AppData\Local\Temp\2025-01-05_9fa984f10a6fe0b8d692e932a8407d15_frostygoop_poet-rat_snatch.exe
Command line: "C:\Users\Admin\AppData\Local\Temp\2025-01-05_9fa984f10a6fe0b8d692e932a8407d15_frostygoop_poet-rat_snatch.exe"
PID: 100
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
  Child: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
  Command line: "C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe"
  PID: 1504
  - System Location Discovery: System Language Discovery
-
Network
-
Remote address: 8.8.8.8:53
Request: 8.8.8.8.in-addr.arpa IN PTR
Response: 8.8.8.8.in-addr.arpa IN PTR dns.google
-
Remote address: 8.8.8.8:53
Request: 13.86.106.20.in-addr.arpa IN PTR
Response: (none)
-
Remote address: 8.8.8.8:53
Request: 151.133.100.95.in-addr.arpa IN PTR
Response: 151.133.100.95.in-addr.arpa IN PTR a95-100-133-151.deploy.static.akamaitechnologies.com
-
Remote address: 8.8.8.8:53
Request: 95.221.229.192.in-addr.arpa IN PTR
Response: (none)
-
Remote address: 8.8.8.8:53
Request: 76.32.126.40.in-addr.arpa IN PTR
Response: (none)
-
Remote address: 8.8.8.8:53
Request: 97.17.167.52.in-addr.arpa IN PTR
Response: (none)
-
Remote address: 8.8.8.8:53
Request: aboriginalkyv.click IN A
Response: aboriginalkyv.click IN A 172.67.186.29, 104.21.76.30
-
Remote address: 172.67.186.29:443
Request:
POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 8
Host: aboriginalkyv.click
Response:
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: PHPSESSID=g696em1ifanqdnah2bfq6gpqe7; expires=Thu, 01 May 2025 04:37:03 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2F3DS%2FRu6BuHa%2FvNXbdfYMbMu4M5sDEvmDHFeTa9dtRS3od0usZw3DOdJkCKdN34m04o5g3p89gFdxlzBmPslOvzQJeIC3biSwumxXq1pFHaVfxzqI8pZuu9%2B9RxflZNTKqRdqayV"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8fd2e83b4d56e900-LHR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=65331&min_rtt=59063&rtt_var=24557&sent=6&recv=7&lost=0&retrans=0&sent_bytes=3305&recv_bytes=611&delivery_rate=62298&cwnd=252&unsent_bytes=0&cid=96d0cc3cec940222&ts=354&x=0"
-
Remote address: 8.8.8.8:53
Request: nearycrepso.shop IN A
Response: (none)
-
Remote address: 8.8.8.8:53
Request: abruptyopsn.shop IN A
Response: abruptyopsn.shop IN A 104.21.96.1, 104.21.48.1, 104.21.64.1, 104.21.16.1, 104.21.32.1, 104.21.112.1, 104.21.80.1
-
Remote address: 104.21.96.1:443
Request:
POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 8
Host: abruptyopsn.shop
Response:
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: PHPSESSID=gvv2r2ekfsvpusmnb217npq5gg; expires=Thu, 01 May 2025 04:37:03 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LXtYPxJJNqy59CdPBbC5ai6HHk6ziAonFc0i9ZGWbkMUB%2BUudJ2%2BgHt7rRutbMf3vWbseaI4xlgPjedccvxoTGhMZ4qUMb8pdbbDa6gowLe5Zxw3qFBqr%2BFahBa88WuTmPTH"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8fd2e83ee9c3ef25-LHR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=62116&min_rtt=59302&rtt_var=16570&sent=6&recv=7&lost=0&retrans=0&sent_bytes=3508&recv_bytes=605&delivery_rate=51084&cwnd=253&unsent_bytes=0&cid=341aa38454018ab2&ts=301&x=0"
-
Remote address: 8.8.8.8:53
Request: wholersorie.shop IN A
Response: wholersorie.shop IN A 104.21.41.51, 172.67.160.114
-
Remote address: 104.21.41.51:443
Request:
POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 8
Host: wholersorie.shop
Response:
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: PHPSESSID=1l0h2023pbakkrndkfn0uv1t9n; expires=Thu, 01 May 2025 04:37:04 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=C1%2F%2BVrLwCoBYUBmAwJz%2Bng%2FW5InDI8wNW3QN%2BMqCRfD4Ki%2B9OiMdbIknOP0TgWWGKabQGkv5cvTSvFOwwu1wuaLC5G7E35X%2B3Ef6KsrWwgg1qxZCjbwURUvtPPXnDkNPYmZq"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8fd2e841fa48e913-LHR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=60853&min_rtt=59161&rtt_var=14916&sent=6&recv=7&lost=0&retrans=0&sent_bytes=3299&recv_bytes=605&delivery_rate=62793&cwnd=253&unsent_bytes=0&cid=cc20fd46427e8f20&ts=306&x=0"
-
Remote address: 8.8.8.8:53
Request: 29.186.67.172.in-addr.arpa IN PTR
Response: (none)
-
Remote address: 8.8.8.8:53
Request: 1.96.21.104.in-addr.arpa IN PTR
Response: (none)
-
Remote address: 8.8.8.8:53
Request: 56.163.245.4.in-addr.arpa IN PTR
Response: (none)
-
Remote address: 8.8.8.8:53
Request: framekgirus.shop IN A
Response: framekgirus.shop IN A 104.21.18.19, 172.67.179.160
-
Remote address: 104.21.18.19:443
Request:
POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 8
Host: framekgirus.shop
Response:
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: PHPSESSID=mqd2s2p5r88psss57c1pm3jjmq; expires=Thu, 01 May 2025 04:37:04 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VHo5%2FdAmRJsR1WGY5J8peVQxsiRe2hNyjXGc%2FXUFq9%2BuxWmcUKgBQFPm1WmYpxAfHEMTwrCswNpcQK4K6l6dGArg1xIjQZNc0dTNziJiyhaeXuV94NqV6gdIxTBrOHvLKqkY"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8fd2e8450b6ccd82-LHR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=61618&min_rtt=59320&rtt_var=16369&sent=6&recv=7&lost=0&retrans=0&sent_bytes=3295&recv_bytes=605&delivery_rate=62071&cwnd=253&unsent_bytes=0&cid=7904223ef7d5614f&ts=326&x=0"
-
Remote address: 8.8.8.8:53
Request: tirepublicerj.shop IN A
Response: tirepublicerj.shop IN A 104.21.48.1, 104.21.64.1, 104.21.16.1, 104.21.32.1, 104.21.96.1, 104.21.112.1, 104.21.80.1
-
Remote address: 104.21.48.1:443
Request:
POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 8
Host: tirepublicerj.shop
Response:
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: PHPSESSID=0c4irmcehmhcviqke67n1ep5d1; expires=Thu, 01 May 2025 04:37:05 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=q8%2Fd%2FtDZpieDY7xP2p5tqem%2Byky5g%2BH%2FYEkd4tA14ku01xtgY85593exUssa%2FZ2m13ro3wK69zFdKh4uCcR4K7O0Qo9CgwPQIUZmGTsERySCiDQZS5rcwwVDfHrkpoypBbhSnKQ%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8fd2e8483e4e93f2-LHR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=60974&min_rtt=59306&rtt_var=15512&sent=6&recv=7&lost=0&retrans=0&sent_bytes=3302&recv_bytes=609&delivery_rate=63145&cwnd=253&unsent_bytes=0&cid=e369adbfc1be79d2&ts=292&x=0"
-
Remote address: 8.8.8.8:53
Request: 15.164.165.52.in-addr.arpa IN PTR
Response: (none)
-
Remote address: 8.8.8.8:53
Request: 51.41.21.104.in-addr.arpa IN PTR
Response: (none)
-
Remote address: 8.8.8.8:53
Request: 19.18.21.104.in-addr.arpa IN PTR
Response: (none)
-
Remote address: 8.8.8.8:53
Request: noisycuttej.shop IN A
Response: noisycuttej.shop IN A 104.21.71.146, 172.67.170.178
-
Remote address: 104.21.71.146:443
Request:
POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 8
Host: noisycuttej.shop
Response:
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: PHPSESSID=9vimnk4rnd6r0eakbojd22tau7; expires=Thu, 01 May 2025 04:37:05 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9EtaE8MAS282YD7eAA36aOFBW4jkHlXq%2B7Uwo%2Bxb5pkv%2BoJnc3XAAV7TCxerVpueS71xFrqgA3q1t6sxRp%2BNHMKbcz2nSUX14S3nCzZY4xFmCygRUgeM%2FIU1z6dVISfZn%2BME"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8fd2e84b3bdf63c4-LHR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=60808&min_rtt=59183&rtt_var=15023&sent=6&recv=7&lost=0&retrans=0&sent_bytes=3299&recv_bytes=605&delivery_rate=62881&cwnd=250&unsent_bytes=0&cid=60083ab698b957d5&ts=300&x=0"
-
Remote address: 8.8.8.8:53
Request: rabidcowse.shop IN A
Response: rabidcowse.shop IN A 172.67.156.127, 104.21.7.224
-
Remote address: 172.67.156.127:443
Request:
POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 8
Host: rabidcowse.shop
Response:
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: PHPSESSID=aug5946q5iai0bjkdgvfq9dqre; expires=Thu, 01 May 2025 04:37:06 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=59AorkO%2FqNPc806a%2By8%2BSu%2BUtA%2B%2FUtf8m%2FPD%2FkvlcMn0nFF7OwNpyVoCeM2I5T8CC9MCF0D%2BispPzDBhRH8R6SGbUoeq81K8dS9K3T7F28TEy7lMUzFsLRk224u8dx5fW5k%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8fd2e84e3d1194de-LHR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=59800&min_rtt=59077&rtt_var=13585&sent=6&recv=7&lost=0&retrans=0&sent_bytes=3293&recv_bytes=603&delivery_rate=63469&cwnd=253&unsent_bytes=0&cid=4aa4c561d39f57a8&ts=301&x=0"
-
Remote address: 8.8.8.8:53
Request: 1.48.21.104.in-addr.arpa IN PTR
Response: (none)
-
Remote address: 8.8.8.8:53
Request: 146.71.21.104.in-addr.arpa IN PTR
Response: (none)
-
Remote address: 8.8.8.8:53
Request: cloudewahsj.shop IN A
Response: cloudewahsj.shop IN A 104.21.80.1, 104.21.96.1, 104.21.64.1, 104.21.112.1, 104.21.16.1, 104.21.32.1, 104.21.48.1
-
Remote address: 104.21.80.1:443
Request:
POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 8
Host: cloudewahsj.shop
Response:
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: PHPSESSID=ng96s8p1n7uqemv6o0tdt25fdo; expires=Thu, 01 May 2025 04:37:06 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=i44K8lnywoJBpYFlO1OblFSwUz7lsRrlzZUoEcLJ8%2BsRhsUp8wQJ21p7w0i7sPRbLigGlx1x3KOguOr1EAh8GGPPSdKYW6zZ8ESPurSOLUKyCc%2Bc688cZBwc7q2%2F%2FGCcKeJ2"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8fd2e8515ff63853-LHR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=61354&min_rtt=59287&rtt_var=15495&sent=6&recv=7&lost=0&retrans=0&sent_bytes=3293&recv_bytes=605&delivery_rate=63017&cwnd=234&unsent_bytes=0&cid=0dae026c157a392d&ts=311&x=0"
-
Remote address: 8.8.8.8:53
Request: steamcommunity.com IN A
Response: steamcommunity.com IN A 104.82.131.75
-
Remote address: 104.82.131.75:443
Request:
GET /profiles/76561199724331900 HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Host: steamcommunity.com
Response:
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.cloudflare.steamstatic.com/ https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.cloudflare.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/;
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache
Date: Sun, 05 Jan 2025 10:50:28 GMT
Content-Length: 25984
Connection: keep-alive
Set-Cookie: sessionid=a57c1bb589bf9614bcb8d860; Path=/; Secure; SameSite=None
Set-Cookie: steamCountry=GB%7C7d625a3b038bb98f68b4e14dac147806; Path=/; Secure; HttpOnly; SameSite=None
-
Remote address: 8.8.8.8:53
Request: 172.210.232.199.in-addr.arpa IN PTR
Response: (none)
-
Remote address: 8.8.8.8:53
Request: 127.156.67.172.in-addr.arpa IN PTR
Response: (none)
-
Remote address: 8.8.8.8:53
Request: 1.80.21.104.in-addr.arpa IN PTR
Response: (none)
-
Remote address: 8.8.8.8:53
Request: 75.131.82.104.in-addr.arpa IN PTR
Response: 75.131.82.104.in-addr.arpa IN PTR a104-82-131-75.deploy.static.akamaitechnologies.com
-
Remote address: 8.8.8.8:53
Request: 23.236.111.52.in-addr.arpa IN PTR
Response: (none)
-
1.0kB 4.9kB 9 9
HTTP Request
POST https://aboriginalkyv.click/api
HTTP Response
200 -
1.0kB 5.1kB 9 9
HTTP Request
POST https://abruptyopsn.shop/api
HTTP Response
200 -
1.0kB 4.9kB 9 9
HTTP Request
POST https://wholersorie.shop/api
HTTP Response
200 -
1.0kB 4.9kB 9 9
HTTP Request
POST https://framekgirus.shop/api
HTTP Response
200 -
1.0kB 4.9kB 9 9
HTTP Request
POST https://tirepublicerj.shop/api
HTTP Response
200 -
1.0kB 4.9kB 9 9
HTTP Request
POST https://noisycuttej.shop/api
HTTP Response
200 -
999 B 4.9kB 9 9
HTTP Request
POST https://rabidcowse.shop/api
HTTP Response
200 -
1.0kB 4.9kB 9 9
HTTP Request
POST https://cloudewahsj.shop/api
HTTP Response
200 -
1.3kB 33.2kB 17 29
HTTP Request
GET https://steamcommunity.com/profiles/76561199724331900
HTTP Response
200
-
66 B 90 B 1 1
DNS Request
8.8.8.8.in-addr.arpa
-
71 B 157 B 1 1
DNS Request
13.86.106.20.in-addr.arpa
-
73 B 139 B 1 1
DNS Request
151.133.100.95.in-addr.arpa
-
73 B 144 B 1 1
DNS Request
95.221.229.192.in-addr.arpa
-
71 B 157 B 1 1
DNS Request
76.32.126.40.in-addr.arpa
-
71 B 145 B 1 1
DNS Request
97.17.167.52.in-addr.arpa
-
65 B 97 B 1 1
DNS Request
aboriginalkyv.click
DNS Response
172.67.186.29, 104.21.76.30
-
62 B 119 B 1 1
DNS Request
nearycrepso.shop
-
62 B 174 B 1 1
DNS Request
abruptyopsn.shop
DNS Response
104.21.96.1, 104.21.48.1, 104.21.64.1, 104.21.16.1, 104.21.32.1, 104.21.112.1, 104.21.80.1
-
62 B 94 B 1 1
DNS Request
wholersorie.shop
DNS Response
104.21.41.51, 172.67.160.114
-
72 B 134 B 1 1
DNS Request
29.186.67.172.in-addr.arpa
-
70 B 132 B 1 1
DNS Request
1.96.21.104.in-addr.arpa
-
71 B 157 B 1 1
DNS Request
56.163.245.4.in-addr.arpa
-
62 B 94 B 1 1
DNS Request
framekgirus.shop
DNS Response
104.21.18.19, 172.67.179.160
-
64 B 176 B 1 1
DNS Request
tirepublicerj.shop
DNS Response
104.21.48.1, 104.21.64.1, 104.21.16.1, 104.21.32.1, 104.21.96.1, 104.21.112.1, 104.21.80.1
-
72 B 146 B 1 1
DNS Request
15.164.165.52.in-addr.arpa
-
71 B 133 B 1 1
DNS Request
51.41.21.104.in-addr.arpa
-
71 B 133 B 1 1
DNS Request
19.18.21.104.in-addr.arpa
-
62 B 94 B 1 1
DNS Request
noisycuttej.shop
DNS Response
104.21.71.146, 172.67.170.178
-
61 B 93 B 1 1
DNS Request
rabidcowse.shop
DNS Response
172.67.156.127, 104.21.7.224
-
70 B 132 B 1 1
DNS Request
1.48.21.104.in-addr.arpa
-
72 B 134 B 1 1
DNS Request
146.71.21.104.in-addr.arpa
-
62 B 174 B 1 1
DNS Request
cloudewahsj.shop
DNS Response
104.21.80.1, 104.21.96.1, 104.21.64.1, 104.21.112.1, 104.21.16.1, 104.21.32.1, 104.21.48.1
-
64 B 80 B 1 1
DNS Request
steamcommunity.com
DNS Response
104.82.131.75
-
73 B 135 B 1 1
DNS Request
127.156.67.172.in-addr.arpa
-
74 B 128 B 1 1
DNS Request
172.210.232.199.in-addr.arpa
-
70 B 132 B 1 1
DNS Request
1.80.21.104.in-addr.arpa
-
72 B 137 B 1 1
DNS Request
75.131.82.104.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
23.236.111.52.in-addr.arpa
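The captures in the Network section share one shape: every C2 contact is a POST to /api with an 8-byte form body, sent with a Chrome 119 User-Agent but none of the Accept, Accept-Language or Accept-Encoding headers a real browser navigation carries, and every server answers 200 with a freshly issued PHPSESSID. The first host contacted, aboriginalkyv.click, is not in the extracted configuration, and after the .shop domains the sample fetches a Steam profile page with the same bare header set, which is the dead-drop resolver Lumma is publicly documented to use for a fallback C2 domain. The following is an added example, not the sandbox's or any vendor's code, that turns those observations into two detection rules over raw request/response pairs. The captures are constructed from this page and trimmed to the headers the rules read; the rule names, the 16-byte body threshold and the control record for 203.0.113.10 are this example's own assumptions.

```python
"""Flag Lumma-style C2 beacons and the Steam dead-drop lookup in captured HTTP
request/response pairs.

Added example for this report, not the sandbox's or any vendor's code.  The
captures below are constructed from the Network section of this page, trimmed
to the headers the rules read; the rule names, the 16-byte body threshold and
the control record for 203.0.113.10 are this example's own.
"""
import re
from dataclasses import dataclass

CHROME_UA = re.compile(r"Mozilla/5\.0 .*Chrome/\d+")
STEAM_PROFILE = re.compile(r"^/profiles/\d{17}$")   # a SteamID64 is 17 digits
# A real Chrome navigation sends these; a Chrome UA without them is impersonated.
BROWSER_HEADERS = ("accept", "accept-language", "accept-encoding")

UA = ("Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 "
      "(KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36")


def beacon(host):
    """The POST /api request this page shows, identical for every C2 host."""
    return ("POST /api HTTP/1.1\r\nConnection: Keep-Alive\r\n"
            "Content-Type: application/x-www-form-urlencoded\r\n"
            f"User-Agent: {UA}\r\nContent-Length: 8\r\nHost: {host}\r\n\r\n")


OK_PHP = ("HTTP/1.1 200 OK\r\nContent-Type: text/html; charset=UTF-8\r\n"
          "Set-Cookie: PHPSESSID=g696em1ifanqdnah2bfq6gpqe7; path=/\r\n"
          "Server: cloudflare\r\n\r\n")

CAPTURES = [  # (remote address, raw request, raw response), constructed from the page
    ("172.67.186.29:443", beacon("aboriginalkyv.click"), OK_PHP),
    ("104.21.96.1:443", beacon("abruptyopsn.shop"), OK_PHP),
    ("104.21.80.1:443", beacon("cloudewahsj.shop"), OK_PHP),
    ("104.82.131.75:443",
     "GET /profiles/76561199724331900 HTTP/1.1\r\nConnection: Keep-Alive\r\n"
     f"User-Agent: {UA}\r\nHost: steamcommunity.com\r\n\r\n",
     "HTTP/1.1 200 OK\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n"),
    # Constructed control: a genuine browser navigation carries Accept headers.
    ("203.0.113.10:443",
     f"GET / HTTP/1.1\r\nHost: example.com\r\nUser-Agent: {UA}\r\nAccept: text/html\r\n"
     "Accept-Language: en-US\r\nAccept-Encoding: gzip\r\n\r\n",
     "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"),
]


@dataclass
class Finding:
    rule: str
    remote: str
    host: str
    detail: str


def parse_http(raw):
    """Return (start line, headers with lowercase names) for a raw HTTP message."""
    lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    headers = {}
    for line in lines[1:]:
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return lines[0], headers


def classify(remote, request, response):
    start, req = parse_http(request)
    parts = start.split()
    if len(parts) < 2:
        return []
    method, path = parts[0], parts[1]
    host, ua = req.get("host", ""), req.get("user-agent", "")
    status_line, resp = parse_http(response)
    status = status_line.split()[1] if len(status_line.split()) > 1 else "?"
    fake_browser = bool(CHROME_UA.search(ua)) and not any(h in req for h in BROWSER_HEADERS)
    try:
        body_len = int(req.get("content-length", "-1"))
    except ValueError:
        body_len = -1

    findings = []
    # Rule 1: POST /api with a tiny form body from an impersonated browser.  The
    # page shows Content-Length: 8 on every beacon; public Lumma reporting
    # describes an 8-byte liveness check, which fits but is not visible here.
    if (method == "POST" and path == "/api" and fake_browser and 0 < body_len <= 16
            and req.get("content-type", "").startswith("application/x-www-form-urlencoded")):
        detail = f"status={status} content-length={body_len}"
        if "phpsessid=" in resp.get("set-cookie", "").lower():
            detail += " server-set-phpsessid"
        findings.append(Finding("lumma_c2_beacon", remote, host, detail))
    # Rule 2: a bare GET of a Steam profile from an impersonated browser.  Lumma
    # is publicly documented to read a fallback C2 domain from a profile name.
    if (method == "GET" and host.endswith("steamcommunity.com") and fake_browser
            and STEAM_PROFILE.match(path)):
        findings.append(Finding("steam_dead_drop_lookup", remote, host, path))
    return findings


def scan(captures):
    return [f for remote, req, resp in captures for f in classify(remote, req, resp)]


def ioc_hosts(findings):
    """Block-list candidates: the hosts that received a beacon."""
    return sorted({f.host for f in findings if f.rule == "lumma_c2_beacon"})


if __name__ == "__main__":
    hits = scan(CAPTURES)
    for f in hits:
        print(f.rule, f.remote, f.host, f.detail)
    print("IOC hosts:", ioc_hosts(hits))
```

The header-set check is the part worth keeping when the domains rotate: the .shop and .click hosts on this page will be replaced, but a Chrome User-Agent on a request that carries no Accept headers is a property of the implant's HTTP client, not of its infrastructure, and the steamcommunity.com profile fetch from a non-browser process should be alerted on even when the profile ID changes.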