Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
93s -
max time network
140s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system -
submitted
22/01/2025, 13:52 UTC
Static task
static1
Behavioral task
behavioral1
Sample
yFQFu2M.exe
Resource
win7-20241023-en
General
-
Target
yFQFu2M.exe
-
Size
399KB
-
MD5
c4d092484f2d29e4a11e3bbceba77240
-
SHA1
79cfc2e6106a6245034fda4e081d8e9e94e1b46f
-
SHA256
0d90b2123d529cf5d605cc152e1baae0e65788b6098427ab42149a76e88263f3
-
SHA512
cff1af2afaad224e624e94fe402e88559d30e1ce97a5d13690150894844c3d258a22c8f40ed95162e19f38f0d6412c2369bcadb39605623440b1e870401aec76
-
SSDEEP
12288:jQXNUkhZcgSbANJtfecc7HAl2DzZJ8y0DcJ:j5kh3+8JnQAoDtGxYJ
Malware Config
Extracted
lumma
https://supplyedtwoz.click/api
https://impolitewearr.biz/api
https://toppyneedus.biz/api
https://lightdeerysua.biz/api
https://suggestyuoz.biz/api
https://hoursuhouy.biz/api
https://mixedrecipew.biz/api
https://affordtempyo.biz/api
https://pleasedcfrown.biz/api
Signatures
-
Lumma family
-
Suspicious use of SetThreadContext 1 IoCs
description pid Process procid_target PID 4420 set thread context of 1384 4420 yFQFu2M.exe 84 -
Program crash 1 IoCs
pid pid_target Process procid_target 2808 4420 WerFault.exe 82 -
System Location Discovery: System Language Discovery 1 TTPs 2 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language yFQFu2M.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language yFQFu2M.exe -
Suspicious use of WriteProcessMemory 12 IoCs
description pid Process procid_target PID 4420 wrote to memory of 1168 4420 yFQFu2M.exe 83 PID 4420 wrote to memory of 1168 4420 yFQFu2M.exe 83 PID 4420 wrote to memory of 1168 4420 yFQFu2M.exe 83 PID 4420 wrote to memory of 1384 4420 yFQFu2M.exe 84 PID 4420 wrote to memory of 1384 4420 yFQFu2M.exe 84 PID 4420 wrote to memory of 1384 4420 yFQFu2M.exe 84 PID 4420 wrote to memory of 1384 4420 yFQFu2M.exe 84 PID 4420 wrote to memory of 1384 4420 yFQFu2M.exe 84 PID 4420 wrote to memory of 1384 4420 yFQFu2M.exe 84 PID 4420 wrote to memory of 1384 4420 yFQFu2M.exe 84 PID 4420 wrote to memory of 1384 4420 yFQFu2M.exe 84 PID 4420 wrote to memory of 1384 4420 yFQFu2M.exe 84
Processes
-
C:\Users\Admin\AppData\Local\Temp\yFQFu2M.exe"C:\Users\Admin\AppData\Local\Temp\yFQFu2M.exe"1⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:4420 -
C:\Users\Admin\AppData\Local\Temp\yFQFu2M.exe"C:\Users\Admin\AppData\Local\Temp\yFQFu2M.exe"2⤵PID:1168
-
-
C:\Users\Admin\AppData\Local\Temp\yFQFu2M.exe"C:\Users\Admin\AppData\Local\Temp\yFQFu2M.exe"2⤵
- System Location Discovery: System Language Discovery
PID:1384
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4420 -s 8242⤵
- Program crash
PID:2808
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 4420 -ip 44201⤵PID:3624
Network
-
Remote address:8.8.8.8:53Requestsupplyedtwoz.clickIN AResponsesupplyedtwoz.clickIN A104.21.80.1supplyedtwoz.clickIN A104.21.32.1supplyedtwoz.clickIN A104.21.64.1supplyedtwoz.clickIN A104.21.48.1supplyedtwoz.clickIN A104.21.16.1supplyedtwoz.clickIN A104.21.112.1supplyedtwoz.clickIN A104.21.96.1
-
Remote address:104.21.80.1:443RequestPOST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 8
Host: supplyedtwoz.click
ResponseHTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: PHPSESSID=4abqmc5tibfp514fcem5m3i76v; expires=Sun, 18 May 2025 07:40:42 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eHe%2ByA7cJGPHYGGAFPx%2BSFuliHxfncZ9M1ctRjpR78Y9PN2P%2BR3HSH%2Bb1QcK5yUWV1vkskoJVOOv6Gk%2Bc%2FA8oJxPBCMHSQz69e6t8JCdFlByCjbbqAm9o%2FxZQyILxDbiQDo3Nlk%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 906008a29e6bf650-LHR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=32013&min_rtt=25954&rtt_var=15390&sent=6&recv=7&lost=0&retrans=0&sent_bytes=3304&recv_bytes=609&delivery_rate=107878&cwnd=253&unsent_bytes=0&cid=ceb373e36c5a1b48&ts=283&x=0"
-
Remote address:8.8.8.8:53Requestimpolitewearr.bizIN AResponseimpolitewearr.bizIN A104.21.80.1impolitewearr.bizIN A104.21.32.1impolitewearr.bizIN A104.21.112.1impolitewearr.bizIN A104.21.16.1impolitewearr.bizIN A104.21.96.1impolitewearr.bizIN A104.21.48.1impolitewearr.bizIN A104.21.64.1
-
Remote address:104.21.80.1:443RequestPOST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 8
Host: impolitewearr.biz
ResponseHTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: PHPSESSID=gb6pmtq85tha03614s0d2d9sdu; expires=Sun, 18 May 2025 07:40:42 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gWQ7SY%2F3YIK22qAULYr7yiAfOhprJuM7SnLuvVIGnZ6DryK1OKD3v9DdOePZ2Voa1KnA3sz%2F3KET2%2F83ortiOr%2FCh0Umpc5FPXJ4A81DFwO5LS4ZTNEAom7kiNNYXTB4PErl8A%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 906008a4abf7776b-LHR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=26699&min_rtt=26004&rtt_var=6572&sent=6&recv=7&lost=0&retrans=0&sent_bytes=3301&recv_bytes=607&delivery_rate=132003&cwnd=253&unsent_bytes=0&cid=398547264a7b23a2&ts=250&x=0"
-
Remote address:8.8.8.8:53Request228.249.119.40.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request216.87.200.23.in-addr.arpaIN PTRResponse216.87.200.23.in-addr.arpaIN PTRa23-200-87-216deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request1.80.21.104.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Requesttoppyneedus.bizIN AResponsetoppyneedus.bizIN A172.67.149.66toppyneedus.bizIN A104.21.29.142
-
Remote address:172.67.149.66:443RequestPOST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 8
Host: toppyneedus.biz
ResponseHTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: PHPSESSID=7tnucsd8n1vcvi7rrvefme47h5; expires=Sun, 18 May 2025 07:40:43 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Z4KcroGUYyUs7zD7%2FI7CeK%2BmERxzTaPuuNJlZBmgHREQ2N7vBm6WO64nucax7w5B%2BETjxXdbt%2Ft10pYS4pckFc41jC30kGedD0JWo2SG0x%2FxOHGuDz4FFopd5%2FHQM2%2BVEzI%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 906008a6dec476d1-LHR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=29368&min_rtt=25834&rtt_var=11880&sent=6&recv=7&lost=0&retrans=0&sent_bytes=3293&recv_bytes=603&delivery_rate=136826&cwnd=253&unsent_bytes=0&cid=2be25ef16698a22c&ts=255&x=0"
-
Remote address:8.8.8.8:53Requestlightdeerysua.bizIN AResponselightdeerysua.bizIN A104.21.48.1lightdeerysua.bizIN A104.21.96.1lightdeerysua.bizIN A104.21.80.1lightdeerysua.bizIN A104.21.16.1lightdeerysua.bizIN A104.21.64.1lightdeerysua.bizIN A104.21.112.1lightdeerysua.bizIN A104.21.32.1
-
Remote address:104.21.48.1:443RequestPOST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 8
Host: lightdeerysua.biz
ResponseHTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: PHPSESSID=6jmgsmh77gp3aene7n0b0h7lq5; expires=Sun, 18 May 2025 07:40:43 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=g54xdo4VlJD7zEh1a0OdjraQh%2FkSuNumcCg2fP9VXFMpX44T7EDDe42DrujFdtOMWwCVTUiiuLHTIQtuc0BTOnBKqr0vmvH2QXKihRAKTQ68K8gJ0qZsENnvcSwh3ctlC7%2BAzg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 906008a8ebcc4141-LHR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=27212&min_rtt=25800&rtt_var=7789&sent=6&recv=7&lost=0&retrans=0&sent_bytes=3303&recv_bytes=607&delivery_rate=130929&cwnd=253&unsent_bytes=0&cid=f769a48b52e6a0dd&ts=244&x=0"
-
Remote address:8.8.8.8:53Requestsuggestyuoz.bizIN AResponsesuggestyuoz.bizIN A172.67.185.181suggestyuoz.bizIN A104.21.19.91
-
Remote address:172.67.185.181:443RequestPOST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 8
Host: suggestyuoz.biz
ResponseHTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: PHPSESSID=eekk7p60cl0mck5tkbbkr6ckpa; expires=Sun, 18 May 2025 07:40:43 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XRiTj1MRr4qGotvLv7iwp4ovI5nmLir6A1ADJpRcKzmltmUPQdewqeSqA5DAi0DY87315E6olohWcomKlQK%2FiGsrrsDxGVLphiIqx7WK%2BKB05lZJboBr55I8jOieVgiFo6Y%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 906008aae89f6329-LHR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=27340&min_rtt=26400&rtt_var=7161&sent=6&recv=7&lost=0&retrans=0&sent_bytes=3295&recv_bytes=603&delivery_rate=132441&cwnd=237&unsent_bytes=0&cid=f702a7097ef93c2b&ts=288&x=0"
-
Remote address:8.8.8.8:53Request71.159.190.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request66.149.67.172.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request1.48.21.104.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request159.96.196.23.in-addr.arpaIN PTRResponse159.96.196.23.in-addr.arpaIN PTRa23-196-96-159deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Requesthoursuhouy.bizIN AResponsehoursuhouy.bizIN A172.67.130.178hoursuhouy.bizIN A104.21.3.124
-
Remote address:172.67.130.178:443RequestPOST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 8
Host: hoursuhouy.biz
ResponseHTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: PHPSESSID=3sa9de76grdajeif1ro232ou9i; expires=Sun, 18 May 2025 07:40:44 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=T5UG%2FgPHNtysghQcWyOC8nFX0J5xH5KKhqns5rniOL0gAht4Abio6NmMkL8Br8AdQmuA59aPk00%2FDMm8WlVpsVLl7rm%2BRDxfL1YgdTpwtM7sWqeh016a8XI4weX0dpgycQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 906008ad3c30cd30-LHR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=26840&min_rtt=25992&rtt_var=6965&sent=6&recv=7&lost=0&retrans=0&sent_bytes=3293&recv_bytes=601&delivery_rate=138375&cwnd=253&unsent_bytes=0&cid=3a39adf7c620278d&ts=199&x=0"
-
Remote address:8.8.8.8:53Requestmixedrecipew.bizIN AResponsemixedrecipew.bizIN A104.21.11.243mixedrecipew.bizIN A172.67.193.31
-
Remote address:104.21.11.243:443RequestPOST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 8
Host: mixedrecipew.biz
ResponseHTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: PHPSESSID=to4f4oapmhgrakis6i5d3tonbu; expires=Sun, 18 May 2025 07:40:44 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8pkYxt%2FHRyrgqD90fsjh%2Bybn3oOWu%2F%2FmPRbtL8y0qmVSBJLqERM8uiY4l6JYw%2FoC4wp9MygYTVbiT%2BuQvW9iNsqJx1Ar%2BebJWVsYjmqVukjA8kI6VvYs51Isrn6imoAmydb7"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 906008af0ee688b5-LHR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=28113&min_rtt=26038&rtt_var=7742&sent=6&recv=7&lost=0&retrans=0&sent_bytes=3300&recv_bytes=605&delivery_rate=139189&cwnd=253&unsent_bytes=0&cid=e75fa3f495db140d&ts=235&x=0"
-
Remote address:8.8.8.8:53Requestaffordtempyo.bizIN AResponseaffordtempyo.bizIN A172.67.178.230affordtempyo.bizIN A104.21.17.248
-
Remote address:172.67.178.230:443RequestPOST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 8
Host: affordtempyo.biz
ResponseHTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: PHPSESSID=vibgl7ebbc968kffqncu50j9f9; expires=Sun, 18 May 2025 07:40:44 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=K%2FmPSlzBJGQMURotfuvRdRTLmpXJAm1iLjYtqwYE7h60qV8OaIaJ0iSG8tM42zkU2aJFO3qQvxNUd40bKH%2FflZIKDRHLDwt3lMmkIAg9gJ8%2FfPicpY9KKjjJ%2Fz0uRY4UQD0C"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 906008b11923ef52-LHR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=30590&min_rtt=26617&rtt_var=7831&sent=6&recv=7&lost=0&retrans=0&sent_bytes=3296&recv_bytes=605&delivery_rate=133387&cwnd=253&unsent_bytes=0&cid=4d916c9a172504f3&ts=253&x=0"
-
Remote address:8.8.8.8:53Request181.185.67.172.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request178.130.67.172.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request243.11.21.104.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Requestpleasedcfrown.bizIN AResponsepleasedcfrown.bizIN A172.67.173.207pleasedcfrown.bizIN A104.21.47.225
-
Remote address:172.67.173.207:443RequestPOST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 8
Host: pleasedcfrown.biz
ResponseHTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: PHPSESSID=ec7tqe4o5gj763e02me1ooq4fv; expires=Sun, 18 May 2025 07:40:45 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qoqyCzsDebI6DncdcXMTW1JIrzi8%2FI1Tb4zLjiIGHAFXB25%2BM5VvTFE29f02Yn2xUJqGfyBrW4YJuMfJnFmCaG3bJvvJjLzqAddPwC2Ffu7P8NyXnOJuwjo4%2B7HZ8siDdM49Vg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 906008b32aed7691-LHR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=29572&min_rtt=26223&rtt_var=7514&sent=6&recv=7&lost=0&retrans=0&sent_bytes=3303&recv_bytes=607&delivery_rate=138332&cwnd=253&unsent_bytes=0&cid=43d60d6f0de88fa6&ts=241&x=0"
-
Remote address:8.8.8.8:53Requeststeamcommunity.comIN AResponsesteamcommunity.comIN A23.192.247.89
-
Remote address:23.192.247.89:443RequestGET /profiles/76561199724331900 HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Host: steamcommunity.com
ResponseHTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.cloudflare.steamstatic.com/ https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.cloudflare.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://steamloopback.host https://store.steampowered.com/;
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache
Date: Wed, 22 Jan 2025 13:54:06 GMT
Content-Length: 25972
Connection: keep-alive
Set-Cookie: sessionid=93a9accc6c50323275b40369; Path=/; Secure; SameSite=None
Set-Cookie: steamCountry=GB%7C7d625a3b038bb98f68b4e14dac147806; Path=/; Secure; HttpOnly; SameSite=None
-
Remote address:8.8.8.8:53Request230.178.67.172.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request207.173.67.172.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request89.247.192.23.in-addr.arpaIN PTRResponse89.247.192.23.in-addr.arpaIN PTRa23-192-247-89deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request58.55.71.13.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request53.210.109.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request206.23.85.13.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request11.164.16.2.in-addr.arpaIN PTRResponse11.164.16.2.in-addr.arpaIN PTRa2-16-164-11deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request180.129.81.91.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request182.129.81.91.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request48.229.111.52.in-addr.arpaIN PTRResponse
-
1.0kB 4.9kB 9 9
HTTP Request
POST https://supplyedtwoz.click/apiHTTP Response
200 -
1.0kB 4.9kB 9 9
HTTP Request
POST https://impolitewearr.biz/apiHTTP Response
200 -
999 B 4.9kB 9 9
HTTP Request
POST https://toppyneedus.biz/apiHTTP Response
200 -
1.0kB 4.9kB 9 9
HTTP Request
POST https://lightdeerysua.biz/apiHTTP Response
200 -
999 B 4.9kB 9 9
HTTP Request
POST https://suggestyuoz.biz/apiHTTP Response
200 -
997 B 4.9kB 9 9
HTTP Request
POST https://hoursuhouy.biz/apiHTTP Response
200 -
1.0kB 4.9kB 9 9
HTTP Request
POST https://mixedrecipew.biz/apiHTTP Response
200 -
1.0kB 4.9kB 9 9
HTTP Request
POST https://affordtempyo.biz/apiHTTP Response
200 -
1.0kB 4.9kB 9 9
HTTP Request
POST https://pleasedcfrown.biz/apiHTTP Response
200 -
1.3kB 33.3kB 17 29
HTTP Request
GET https://steamcommunity.com/profiles/76561199724331900HTTP Response
200
-
64 B 176 B 1 1
DNS Request
supplyedtwoz.click
DNS Response
104.21.80.1104.21.32.1104.21.64.1104.21.48.1104.21.16.1104.21.112.1104.21.96.1
-
63 B 175 B 1 1
DNS Request
impolitewearr.biz
DNS Response
104.21.80.1104.21.32.1104.21.112.1104.21.16.1104.21.96.1104.21.48.1104.21.64.1
-
73 B 159 B 1 1
DNS Request
228.249.119.40.in-addr.arpa
-
72 B 137 B 1 1
DNS Request
216.87.200.23.in-addr.arpa
-
70 B 132 B 1 1
DNS Request
1.80.21.104.in-addr.arpa
-
61 B 93 B 1 1
DNS Request
toppyneedus.biz
DNS Response
172.67.149.66104.21.29.142
-
63 B 175 B 1 1
DNS Request
lightdeerysua.biz
DNS Response
104.21.48.1104.21.96.1104.21.80.1104.21.16.1104.21.64.1104.21.112.1104.21.32.1
-
61 B 93 B 1 1
DNS Request
suggestyuoz.biz
DNS Response
172.67.185.181104.21.19.91
-
72 B 134 B 1 1
DNS Request
66.149.67.172.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
71.159.190.20.in-addr.arpa
-
70 B 132 B 1 1
DNS Request
1.48.21.104.in-addr.arpa
-
72 B 137 B 1 1
DNS Request
159.96.196.23.in-addr.arpa
-
60 B 92 B 1 1
DNS Request
hoursuhouy.biz
DNS Response
172.67.130.178104.21.3.124
-
62 B 94 B 1 1
DNS Request
mixedrecipew.biz
DNS Response
104.21.11.243172.67.193.31
-
62 B 94 B 1 1
DNS Request
affordtempyo.biz
DNS Response
172.67.178.230104.21.17.248
-
73 B 135 B 1 1
DNS Request
181.185.67.172.in-addr.arpa
-
73 B 135 B 1 1
DNS Request
178.130.67.172.in-addr.arpa
-
72 B 134 B 1 1
DNS Request
243.11.21.104.in-addr.arpa
-
63 B 95 B 1 1
DNS Request
pleasedcfrown.biz
DNS Response
172.67.173.207104.21.47.225
-
64 B 80 B 1 1
DNS Request
steamcommunity.com
DNS Response
23.192.247.89
-
73 B 135 B 1 1
DNS Request
230.178.67.172.in-addr.arpa
-
73 B 135 B 1 1
DNS Request
207.173.67.172.in-addr.arpa
-
72 B 137 B 1 1
DNS Request
89.247.192.23.in-addr.arpa
-
70 B 144 B 1 1
DNS Request
58.55.71.13.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
53.210.109.20.in-addr.arpa
-
71 B 145 B 1 1
DNS Request
206.23.85.13.in-addr.arpa
-
70 B 133 B 1 1
DNS Request
11.164.16.2.in-addr.arpa
-
72 B 147 B 1 1
DNS Request
180.129.81.91.in-addr.arpa
-
72 B 147 B 1 1
DNS Request
182.129.81.91.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
48.229.111.52.in-addr.arpa