Report - origin-steam.su.atlaq.com/

Report Overview

Visited public
2023-08-26 09:25:16
Tags
URL
origin-steam.su.atlaq.com/
Finishing URL
origin-steam.su.atlaq.com/
IP / ASN
104.21.64.58
#13335 CLOUDFLARENET
Title
Origin-Steam.su - Интернет-магазин лицензионных ключей и аккаунтов для STEAM, Origin, Epic Games, Battle.net, Uplay, Minecraft и других платформ.

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
xinchacha2dv.ocsp-certum.com	unknown	2013-12-19	2022-07-28 12:58:17	2023-08-26 08:36:01	342 B	1.8 kB	95.101.10.193
www.snowm888.com	unknown	2023-04-19	2023-04-19 09:34:50	2023-06-29 11:49:49	390 B	68 kB	93.179.125.183
fleraprt.com	unknown	2022-01-14	2022-01-14 23:55:14	2023-08-25 18:13:02	549 B	493 B	139.45.195.254
tzegilo.com	unknown	2022-01-14	2022-01-14 16:27:15	2023-08-25 20:44:18	410 B	18 kB	172.67.207.224
fonts.googleapis.com	8877	2005-01-25	2013-06-10 22:14:26	2023-08-26 00:58:04	419 B	1.9 kB	142.250.74.106
veepteero.com	unknown	2023-05-08	2023-05-09 02:18:41	2023-08-26 02:40:24	2.1 kB	8.6 kB	139.45.197.242
d3x2.myfastcdn.com	123688	2019-06-03	2019-10-29 13:16:08	2023-08-25 22:23:37	483 B	21 kB	172.66.43.101
alwingulla.com	unknown	2023-05-22	2023-05-22 18:17:44	2023-08-26 02:37:21	414 B	23 kB	104.21.72.155
origin-steam.su	385243	2013-12-27	2014-11-11 10:25:15	2023-08-21 16:47:47	449 B	1.7 kB	37.143.8.60
pa18.com	327251	2000-04-10	2013-05-03 14:46:46	2023-07-26 02:03:59	384 B	0 B	0.0.0.0
atlaq.com	460385	2019-04-07	2019-04-10 14:32:55	2023-08-25 07:12:48	858 B	168 kB	104.21.64.58
eedsaung.net	unknown	2022-07-09	2022-08-18 13:22:07	2023-08-25 17:24:04	3.8 kB	459 kB	139.45.197.242
ossmightyenar.net	unknown	2023-06-22	2023-06-23 10:50:54	2023-08-25 18:47:13	3.4 kB	96 kB	139.45.197.245
offshuppetchan.com	unknown	2023-08-01	2023-08-02 00:31:44	2023-08-25 07:18:33	5.4 kB	86 kB	139.45.197.243
ocsp.trust-provider.cn	unknown	2015-04-09	2022-02-10 09:18:30	2023-08-26 05:29:38	336 B	1.4 kB	36.248.38.100
longcheer.com	unknown	1999-01-27	2017-08-24 23:22:15	2023-06-16 02:22:22	389 B	0 B	0.0.0.0
traffic.alexa.com	381412	1996-07-17	2012-05-20 23:46:11	2021-05-14 12:40:47	994 B	0 B	0.0.0.0
ibrapush.com	unknown	2019-04-19	2020-04-18 16:40:35	2023-08-25 07:18:33	2.5 kB	104 kB	139.45.197.250
region1.analytics.google.com	unknown	1997-09-15	2022-03-17 12:26:33	2023-08-26 05:09:34	1.2 kB	458 B	216.239.34.36
r93535.com	unknown	2014-06-12	2015-12-27 23:49:07	2022-07-03 11:45:43	384 B	566 B	111.33.90.37
amunfezanttor.com	unknown	2023-03-31	2023-03-31 14:42:42	2023-08-26 05:20:19	1.1 kB	1.0 kB	139.45.197.250
snowm777.com	unknown	2022-08-09	2022-08-09 10:01:30	2023-04-19 22:57:25	386 B	846 B	104.21.2.42
rmlt.com.cn	737550	2006-06-13	2014-12-13 23:09:36	2023-06-15 21:05:14	387 B	0 B	0.0.0.0
my.rtmark.net	9054	2014-10-29	2015-02-04 10:54:57	2023-08-25 10:57:45	445 B	754 B	139.45.195.8
origin-steam.su.atlaq.com	unknown	unknown	No data	No data	1.4 kB	74 kB	104.21.64.58
fonts.gstatic.com	unknown	2008-02-11	2014-09-09 02:40:21	2023-08-26 04:42:41	1.1 kB	33 kB	216.58.207.227
www.googletagmanager.com	75	2011-11-11	2013-05-22 04:07:37	2023-08-26 04:41:04	900 B	139 kB	142.250.74.168
offerimage.com	304078	2019-06-10	2019-06-10 13:11:53	2023-08-25 18:12:58	1.4 kB	36 kB	104.22.32.172
www.google.no	25607	2001-02-26	2016-04-05 21:50:59	2023-08-26 05:10:51	535 B	580 B	142.250.74.163
ocsp.pki.goog	175	2016-06-13	2018-07-01 08:43:07	2023-08-25 18:12:04	2.7 kB	5.6 kB	142.250.74.131

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-08-26 09:24:50	medium	Client IP	Internal IP	ET DNS Query for .su TLD (Soviet Union) Often Malware Related
2023-08-26 09:24:50	medium	Client IP	Internal IP	ET DNS Query for .su TLD (Soviet Union) Often Malware Related

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-08-26	medium	offshuppetchan.com	Sinkholed
2023-08-26	medium	offshuppetchan.com	Sinkholed
2023-08-26	medium	offshuppetchan.com	Sinkholed
2023-08-26	medium	offshuppetchan.com	Sinkholed
2023-08-26	medium	offshuppetchan.com	Sinkholed
2023-08-26	medium	offshuppetchan.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (17)

	URL	Size	First Seen	Last Seen
	eedsaung.net/27/17de61080ae6c4070bb3e0689b73465f	412 kB	2023-08-25 13:56	2023-09-04 13:03
Pretty URL eedsaung.net/27/17de61080ae6c4070bb3e0689b73465f IP 139.45.197.242 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-08-25 13:56 Last Seen2023-09-04 13:03 Times Seen96 Hash b23ef9e3b161391286cf4b25e3d8caf1 ecdf456dadfc78865fa79035c638986d56f115c1 0a5b76c2c4870d1a9c047ccf65a824ccc977b49eab02cd0f405bb937ea3d1ff7 Loading...

	origin-steam.su.atlaq.com/	1.7 kB	2024-08-21 08:02	2024-08-21 08:02
Pretty URL origin-steam.su.atlaq.com/ IP 104.21.64.58 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-21 08:02 Last Seen2024-08-21 08:02 Times Seen1 Hash 67a2e9683127b98177a9b53ce54b7197 5978640808524e5d3de3d26e603c266b5ced245a b7c83e5e60a92ba751f97a4462a8f4f3e42c6e4e878e2d6fffa68d8cce84892c Loading...

	origin-steam.su.atlaq.com/	154 B	2023-03-10 11:07	2024-11-28 20:47
Pretty URL origin-steam.su.atlaq.com/ IP 104.21.64.58 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-10 11:07 Last Seen2024-11-28 20:47 Times Seen69 Hash 556aedec3c17b1047b6ea5b24555b6b3 bc98386bf7c5d5088b545befbe3f36738874ca18 25b0f8074b7996c02b28918d9dec52e00501eee8990db393f4a0624d136a828e Loading...

	www.googletagmanager.com/gtag/js?id=UA-85346163-2	131 kB	2023-08-26 11:25	2023-08-26 11:25
Pretty URL www.googletagmanager.com/gtag/js?id=UA-85346163-2 IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-08-26 11:25 Last Seen2023-08-26 11:25 Times Seen1 Hash c15efefe6ed19d4e0cbe6b4227a5753b 25d832c40ff4da689a370fb8c411bdae1377f82c fb21503851a682d571820887470df0c98703b291636072b72f198753b91e9ad6 Loading...

	origin-steam.su.atlaq.com/sandbox%20eval%20code	147 B	2023-04-11 21:07	2024-11-28 23:43
Pretty URL origin-steam.su.atlaq.com/sandbox%20eval%20code IP 0.0.0.0 ASN #0 Introduced by Embedded in HTML false Observations First Seen2023-04-11 21:07 Last Seen2024-11-28 23:43 Times Seen282600 Hash 92b651082ce234f66bb544e678befda3 14c21c55ddce43b6f677caadf51d4ab98c6a3df8 25d57d1d97abeb84531d3d3e5754dd5cb19a2c115edfa7cfc7af8247084faded Loading...

	www.google-analytics.com/analytics.js	4.7 kB	2023-04-11 21:07	2024-11-28 23:43
Pretty URL www.google-analytics.com/analytics.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-11 21:07 Last Seen2024-11-28 23:43 Times Seen281800 Hash f24128d0c9cba7be2916c693427a3483 1b6397d496ea896ebc2018b01b995cee4f166029 58173de4697da1a218f04c3a783a733bab4e769ceabc37cd42da9dc3e036a7e8 Loading...

	www.googletagmanager.com/gtag/js?id=G-FPZ0VEL1WQ&l=dataLayer&cx=c	258 kB	2023-08-26 11:25	2023-08-26 11:25
Pretty URL www.googletagmanager.com/gtag/js?id=G-FPZ0VEL1WQ&l=dataLayer&cx=c IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-08-26 11:25 Last Seen2023-08-26 11:25 Times Seen1 Hash e100c69292505dc82266dcb5957a9e62 bb656afa6938aa6861089f8e3c122e1fac582aba 3ba5e738e08d56bf7a839b44f435ee1295b7397fa34c874cf8549e1dd1b40382 Loading...

	tzegilo.com/stattag.js	18 kB	2023-05-22 16:37	2023-09-06 23:37
Pretty URL tzegilo.com/stattag.js IP 172.67.207.224 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-22 16:37 Last Seen2023-09-06 23:37 Times Seen392 Hash dd2f9f2bb1e1c74b905556d0a7bc5545 0c831c8c56da8167b9e2dfd1d3eb3288348da85d 63f957dde1ae04a83eaff7e442e693725562c4aa1062bc072b7509640ec4f663 Loading...

	unknown	1.4 kB	2023-06-07 22:16	2024-11-10 17:49
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-06-07 22:16 Last Seen2024-11-10 17:49 Times Seen561 Hash a4951040210c1a13f3006d506c750587 38552c656ef4fbf104ec652c3ad3a4a76062f501 c444e5aeffcc46c5b62dd11508eecaec8227b0d29ce4c098cd43f7d076a00aa1 Loading...

	ibrapush.com/pfe/current/tag.min.js?z=6159542	13 kB	2023-08-24 08:38	2023-08-29 11:08
Pretty URL ibrapush.com/pfe/current/tag.min.js?z=6159542 IP 139.45.197.250 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-08-24 08:38 Last Seen2023-08-29 11:08 Times Seen124 Hash cd01f2b7da7996709957b31c108ef9b8 3f48286f19a3416452c726e7b04524cb1b865ffb 269d0eea1e138083cfde292d58bfdc07160d075c31e381913db9c473d6751db4 Loading...

	ossmightyenar.net/401/6159541	91 kB	2023-08-26 11:25	2023-08-26 11:25
Pretty URL ossmightyenar.net/401/6159541 IP 139.45.197.245 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-08-26 11:25 Last Seen2023-08-26 11:25 Times Seen1 Hash 77be623beeff232d99ca4fc7a39b9691 3cf8bb8549b92dc0f25e46306d6809d3da8939c5 9f6c7b16eb82aceda460a7abfe326c374563dc0545811cd391cde26ae2220f70 Loading...

	eedsaung.net/1?z=6159540	42 kB	2023-08-26 11:25	2023-08-26 11:25
Pretty URL eedsaung.net/1?z=6159540 IP 139.45.197.242 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-08-26 11:25 Last Seen2023-08-26 11:25 Times Seen1 Hash 9f35b395defd3a687ef7f87bbf6f0061 71149160c36b440980814d708908d21503207948 353a67e70851fff980d2ddcec0936aff4ff7e23f0e447ee14e38e94fa9ea2e11 Loading...

	unknown	56 B	2023-06-05 22:05	2024-08-21 09:00
Pretty Introduced by eventHandler Embedded in HTML false Observations First Seen2023-06-05 22:05 Last Seen2024-08-21 09:00 Times Seen6 Hash 717723713547c4cb2fb524729553d824 5a0f0b23d66628c3f54c5ef776ad75111d08ba96 13b1b80a88c2a38193842e4499d546f6190d72add01596659dd2069eedda91b0 Loading...

	alwingulla.com/88/tag.min.js	71 kB	2023-08-26 09:54	2023-08-30 12:22
Pretty URL alwingulla.com/88/tag.min.js IP 104.21.72.155 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-08-26 09:54 Last Seen2023-08-30 12:22 Times Seen6 Hash 5e089b5dbc4adc18e2504d53bf41ccc3 ca4d922ea9e779661dc6f1329f51a8c4230550cc 06974bed98dd90152239cba77f2822ac052c685801c3bd0aa2ec1bdb6427b59d Loading...

	offshuppetchan.com/400/6159539	81 kB	2023-08-26 11:25	2023-08-26 11:25
Pretty URL offshuppetchan.com/400/6159539 IP 139.45.197.243 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-08-26 11:25 Last Seen2023-08-26 11:25 Times Seen1 Hash cf51f7e332719c1f8ab1b70bb4548612 240205e3ef88b2463950b7f2b52c96d5edfb02b3 e328bd48dc405d31674629a918e7cfa589ba91f38bf8d101e059c42c65e785c0 Loading...

	unknown	88 kB	2023-08-24 08:38	2024-08-21 08:14
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-08-24 08:38 Last Seen2024-08-21 08:14 Times Seen135 Hash 00733ae1c66905901e4158441dc1814e a52b10de1db854988efec5e04d91e161b4d13d86 01ae7e39d77f7a086c60b8c4d6845c4d752717e31efe2afb538d024dd760c26c Loading...

	unknown	2.4 kB	2024-08-21 08:02	2024-08-21 08:02
Pretty Introduced by Function Embedded in HTML false Observations First Seen2024-08-21 08:02 Last Seen2024-08-21 08:02 Times Seen1 Hash b630133836f94e075f6fefa77ddffa75 7699d4fd70fde26cc2c7292bd2e3df53ed3c84a6 faefae1f2b9f358c38ab6a089699e33e8bdb5846b6f9e316ff9bf24166694e06 Loading...

HTTP Transactions (64)

URL IP Response Size

ocsp.pki.goog/gts1c3

142.250.74.131

471 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
3db0594450d036b549644dfeacb42df9
0bb0b4866a5327f72f0147ddfd358e148a146152
3b99d7ecd01ec91916c49f8a21e069a97cc9e0a225cc1dde9724129fb3bd12cf

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 26 Aug 2023 09:24:57 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

atlaq.com/logo.png

104.21.64.58

200 OK

117 kB

URL GET HTTP/3
atlaq.com/logo.png
IP
104.21.64.58:443
ASN
#13335 CLOUDFLARENET

Requested by
https://origin-steam.su.atlaq.com/
Certificate
IssuerCloudflare, Inc.
Subjectatlaq.com
FingerprintE5:D5:36:95:0B:CC:BE:A5:14:34:09:36:2E:4B:F0:D3:17:3E:5D:E9
ValidityFri, 25 Aug 2023 00:00:00 GMT - Sat, 24 Aug 2024 23:59:59 GMT

File type
PNG image data, 500 x 446, 8-bit/color RGBA, non-interlaced\012- data
Size
117 kB (117433 bytes)
Hash
792b74959e26cd37fd05dfcd0ef07770
c6e3ed2dd9771b077daf93eda5773cd10d621147
7ae2cb133588b7a2926b71630869d602c294840f6c1379666e82b25f3354623b

HTTP Headers

GET /logo.png HTTP/1.1
Host: atlaq.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://origin-steam.su.atlaq.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 26 Aug 2023 09:24:57 GMT
content-type: image/png
content-length: 117433
cache-control: public, max-age=31536000
expires: Fri, 09 Aug 2024 13:28:22 GMT
last-modified: Wed, 29 Jan 2020 11:21:42 GMT
vary: User-Agent,Origin, Accept-Encoding
strict-transport-security: max-age=31536000;includeSubDomains
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 1367795
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=co%2BjKKHyG3BLTv46VMNDFjkI7aDXLzzUU9DLkwRaGa5EpFmHsWLekqnTeLr5qx1cXmj8lq1C%2F%2Fye8XE%2FXUXiNYYcYl4C5oeRxpVRqlCMKfyWjatSHEeFIbWOlrY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7fcb0655881b1c0e-OSL
alt-svc: h3=":443"; ma=86400

www.googletagmanager.com/gtag/js?id=UA-85346163-2

142.250.74.168

200 OK

50 kB

URL GET HTTP/2
www.googletagmanager.com/gtag/js?id=UA-85346163-2
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://origin-steam.su.atlaq.com/
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint4E:35:EC:AC:A4:3A:09:F9:F3:9A:26:43:94:A7:BA:2C:01:54:DA:12
ValidityMon, 07 Aug 2023 12:16:40 GMT - Mon, 30 Oct 2023 12:16:39 GMT

File type
ASCII text, with very long lines (2271)
Size
50 kB (50075 bytes)
Hash
c15efefe6ed19d4e0cbe6b4227a5753b
25d832c40ff4da689a370fb8c411bdae1377f82c
fb21503851a682d571820887470df0c98703b291636072b72f198753b91e9ad6

HTTP Headers

GET /gtag/js?id=UA-85346163-2 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://origin-steam.su.atlaq.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 26 Aug 2023 09:24:57 GMT
expires: Sat, 26 Aug 2023 09:24:57 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 50075
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

471 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
3db0594450d036b549644dfeacb42df9
0bb0b4866a5327f72f0147ddfd358e148a146152
3b99d7ecd01ec91916c49f8a21e069a97cc9e0a225cc1dde9724129fb3bd12cf

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 26 Aug 2023 09:24:57 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

veepteero.com/88/1310

139.45.197.242

200 OK

345 B

URL GET HTTP/2
veepteero.com/88/1310
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://origin-steam.su.atlaq.com/
Certificate
IssuerLet's Encrypt
Subjectveepteero.com
Fingerprint18:8E:43:6B:DE:B9:D5:C4:32:24:60:6A:7A:AA:F1:EA:EF:54:81:13
ValidityThu, 27 Jul 2023 05:27:19 GMT - Wed, 25 Oct 2023 05:27:18 GMT

File type
JSON data\012- , ASCII text, with very long lines (345), with no line terminators
Size
345 B (345 bytes)
Hash
bc1f5cb0d987c03d21ba1e9082695659
d4ab9b02e35c1b8b6339e4e3af820b1097b94375
2246f70fc8d78becd7c5b392e6fdddce61994a6209826ad26c703e49d501a899

HTTP Headers

GET /88/1310 HTTP/1.1
Host: veepteero.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://origin-steam.su.atlaq.com/
Origin: https://origin-steam.su.atlaq.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 26 Aug 2023 09:24:58 GMT
content-type: application/json
content-length: 345
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-allow-origin: https://origin-steam.su.atlaq.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-max-age: 86400
timing-allow-origin: *
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2

www.googletagmanager.com/gtag/js?id=G-FPZ0VEL1WQ&l=dataLayer&cx=c

142.250.74.168

200 OK

88 kB

URL GET HTTP/3
www.googletagmanager.com/gtag/js?id=G-FPZ0VEL1WQ&l=dataLayer&cx=c
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://origin-steam.su.atlaq.com/
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint4E:35:EC:AC:A4:3A:09:F9:F3:9A:26:43:94:A7:BA:2C:01:54:DA:12
ValidityMon, 07 Aug 2023 12:16:40 GMT - Mon, 30 Oct 2023 12:16:39 GMT

File type
ASCII text, with very long lines (5857)
Size
88 kB (87660 bytes)
Hash
e100c69292505dc82266dcb5957a9e62
bb656afa6938aa6861089f8e3c122e1fac582aba
3ba5e738e08d56bf7a839b44f435ee1295b7397fa34c874cf8549e1dd1b40382

HTTP Headers

GET /gtag/js?id=G-FPZ0VEL1WQ&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://origin-steam.su.atlaq.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 26 Aug 2023 09:24:58 GMT
expires: Sat, 26 Aug 2023 09:24:58 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 87660
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

my.rtmark.net/gid.js

139.45.195.8

200 OK

65 B

URL GET HTTP/2
my.rtmark.net/gid.js
IP
139.45.195.8:443
ASN
#9002 RETN Limited

Requested by
https://origin-steam.su.atlaq.com/
Certificate
IssuerLet's Encrypt
Subjectrtmark.net
FingerprintB4:02:64:AF:5C:AB:27:5B:1B:80:CF:C8:FF:EB:BF:43:29:C3:C5:C1
ValidityTue, 25 Jul 2023 06:29:27 GMT - Mon, 23 Oct 2023 06:29:26 GMT

File type
JSON data\012- , ASCII text
Size
65 B (65 bytes)
Hash
0c3dc532516a7781cbc61aed7d57223d
bbec1433eb1d282b1e8a2361615ddb0323b4bb18
36fc7ee51341a3d3a3465a27a3b6f02df0dab543b72b45a10d399d6d3d748d24

HTTP Headers

GET /gid.js HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://origin-steam.su.atlaq.com
DNT: 1
Connection: keep-alive
Referer: https://origin-steam.su.atlaq.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 26 Aug 2023 09:24:58 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://origin-steam.su.atlaq.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=b19e1ce4528f41d8a263194f29ab5780; expires=Sun, 25 Aug 2024 09:24:58 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

ibrapush.com/zone?pub=0&zone_id=6159542&is_mobile=false&domain=origin-steam.su.atlaq.com&var=&ymid=&var_3=

139.45.197.250

200 OK

880 B

URL GET HTTP/2
ibrapush.com/zone?pub=0&zone_id=6159542&is_mobile=false&domain=origin-steam.su.atlaq.com&var=&ymid=&var_3=
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://origin-steam.su.atlaq.com/
Certificate
IssuerLet's Encrypt
Subjectibrapush.com
Fingerprint95:01:CF:2E:40:B2:C2:03:4A:2C:93:C9:7E:2F:8D:85:D2:37:71:29
ValidityWed, 07 Jun 2023 04:50:57 GMT - Tue, 05 Sep 2023 04:50:56 GMT

File type
JSON data\012- , ASCII text, with very long lines (879)
Size
880 B (880 bytes)
Hash
aba7b9361315f281ab5277e65ff853d5
47d629edef08aaf2e24c19d26b5d080c3d9489a6
057e1950cf78d9829bc3d3247ed2d524fc0001402ff5f71e51dec34150dba169

HTTP Headers

GET /zone?pub=0&zone_id=6159542&is_mobile=false&domain=origin-steam.su.atlaq.com&var=&ymid=&var_3= HTTP/1.1
Host: ibrapush.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://origin-steam.su.atlaq.com/
Origin: https://origin-steam.su.atlaq.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 26 Aug 2023 09:24:58 GMT
content-type: application/json; charset=utf-8
content-length: 880
x-trace-id: e06fdb91ca7d46d8f61115dbb19f9508
access-control-allow-origin: https://origin-steam.su.atlaq.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

eedsaung.net/1?z=6159540&oo=1&oaid=b19e1ce4528f41d8a263194f29ab5780

139.45.197.242

200 OK

961 B

URL GET HTTP/2
eedsaung.net/1?z=6159540&oo=1&oaid=b19e1ce4528f41d8a263194f29ab5780
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://origin-steam.su.atlaq.com/
Certificate
IssuerLet's Encrypt
Subjecteedsaung.net
Fingerprint39:1A:51:39:17:5B:6C:AA:21:3B:A2:96:D4:95:44:AB:8E:75:75:65
ValiditySun, 13 Aug 2023 02:55:57 GMT - Sat, 11 Nov 2023 02:55:56 GMT

File type
JSON data\012- , ASCII text, with very long lines (961), with no line terminators
Size
961 B (961 bytes)
Hash
98f9cdcee4c32907a43e8c1ab72e2e53
3255d04dabffe8232140ebad37a2d6b37ab599eb
98d11411ad8132489bc679d3bb6f62d96a1752260c99333f4d2f6bab5198e0dd

HTTP Headers

GET /1?z=6159540&oo=1&oaid=b19e1ce4528f41d8a263194f29ab5780 HTTP/1.1
Host: eedsaung.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://origin-steam.su.atlaq.com
DNT: 1
Connection: keep-alive
Referer: https://origin-steam.su.atlaq.com/
Cookie: scm=1; OAID=33eed3fdfb614369850210052a2327a1; oaidts=1693041898
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 26 Aug 2023 09:24:58 GMT
content-type: application/json
content-length: 961
access-control-allow-credentials: true
access-control-allow-origin: https://origin-steam.su.atlaq.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID, baggage, sentry-trace
x-trace-id: 3b1c44ce16f47cb2dcb7f4d44a301a82
access-control-expose-headers: X-Sc
set-cookie: OAID=b19e1ce4528f41d8a263194f29ab5780; expires=Sun, 25 Aug 2024 09:24:58 GMT; secure; SameSite=None
oaidts=1693041898; expires=Sun, 25 Aug 2024 09:24:58 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2

ibrapush.com/custom

139.45.197.250

200 OK

0 B

URL POST HTTP/2
ibrapush.com/custom
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://origin-steam.su.atlaq.com/
Certificate
IssuerLet's Encrypt
Subjectibrapush.com
Fingerprint95:01:CF:2E:40:B2:C2:03:4A:2C:93:C9:7E:2F:8D:85:D2:37:71:29
ValidityWed, 07 Jun 2023 04:50:57 GMT - Tue, 05 Sep 2023 04:50:56 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /custom HTTP/1.1
Host: ibrapush.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://origin-steam.su.atlaq.com/
Origin: https://origin-steam.su.atlaq.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 26 Aug 2023 09:24:58 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://origin-steam.su.atlaq.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token
access-control-max-age: 86400
X-Firefox-Spdy: h2

ibrapush.com/custom

139.45.197.250

200 OK

39 B

URL POST HTTP/2
ibrapush.com/custom
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://origin-steam.su.atlaq.com/
Certificate
IssuerLet's Encrypt
Subjectibrapush.com
Fingerprint95:01:CF:2E:40:B2:C2:03:4A:2C:93:C9:7E:2F:8D:85:D2:37:71:29
ValidityWed, 07 Jun 2023 04:50:57 GMT - Tue, 05 Sep 2023 04:50:56 GMT

File type
JSON data\012- , ASCII text
Size
39 B (39 bytes)
Hash
058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

HTTP Headers

POST /custom HTTP/1.1
Host: ibrapush.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://origin-steam.su.atlaq.com/
Content-Type: application/json
Content-Length: 387
Origin: https://origin-steam.su.atlaq.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 26 Aug 2023 09:24:58 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 1f64dcb1114ff83450d3954770aa3b1e
access-control-allow-origin: https://origin-steam.su.atlaq.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

amunfezanttor.com/event

139.45.197.250

200 OK

0 B

URL OPTIONS HTTP/2
amunfezanttor.com/event
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://origin-steam.su.atlaq.com/
Certificate
IssuerLet's Encrypt
Subjectamunfezanttor.com
Fingerprint05:0D:26:E2:7E:9B:8F:37:68:59:AD:81:46:AA:1C:A8:AD:41:88:2E
ValidityMon, 19 Jun 2023 01:32:21 GMT - Sun, 17 Sep 2023 01:32:20 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /event HTTP/1.1
Host: amunfezanttor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://origin-steam.su.atlaq.com/
Origin: https://origin-steam.su.atlaq.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 26 Aug 2023 09:24:58 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://origin-steam.su.atlaq.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token
access-control-max-age: 86400
X-Firefox-Spdy: h2

amunfezanttor.com/event

139.45.197.250

200 OK

94 B

URL OPTIONS HTTP/2
amunfezanttor.com/event
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://origin-steam.su.atlaq.com/
Certificate
IssuerLet's Encrypt
Subjectamunfezanttor.com
Fingerprint05:0D:26:E2:7E:9B:8F:37:68:59:AD:81:46:AA:1C:A8:AD:41:88:2E
ValidityMon, 19 Jun 2023 01:32:21 GMT - Sun, 17 Sep 2023 01:32:20 GMT

File type
JSON data\012- , ASCII text
Size
94 B (94 bytes)
Hash
c3235da3a03e1d792a9220294b319376
a4cb7fe7d4d5dbb0a0d9b2fc4d97068356738d43
d7cb7a19a5d8ff720423af665d05d2caefa13807100d7dd4545471ed25146b04

HTTP Headers

POST /event HTTP/1.1
Host: amunfezanttor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://origin-steam.su.atlaq.com/
Content-Type: application/json
Content-Length: 510
Origin: https://origin-steam.su.atlaq.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 26 Aug 2023 09:24:58 GMT
content-type: application/json; charset=utf-8
content-length: 94
x-trace-id: 9c4a299c67d2ab4521b363bb48c4919d
access-control-allow-origin: https://origin-steam.su.atlaq.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

ossmightyenar.net/500/6159541?excludes=&oaid=b19e1ce4528f41d8a263194f29ab5780&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&pl=https%3A%2F%2Forigin-steam.su.atlaq.com%2F&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&tzofs=0&js_build=3&sw_version=v1.290.0

139.45.197.245

200 OK

0 B

URL GET HTTP/2
ossmightyenar.net/500/6159541?excludes=&oaid=b19e1ce4528f41d8a263194f29ab5780&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&pl=https%3A%2F%2Forigin-steam.su.atlaq.com%2F&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&tzofs=0&js_build=3&sw_version=v1.290.0
IP
139.45.197.245:443
ASN
#9002 RETN Limited

Requested by
https://origin-steam.su.atlaq.com/
Certificate
IssuerLet's Encrypt
Subjectossmightyenar.net
Fingerprint89:EC:F1:57:D9:26:12:A9:CC:05:D3:1E:4E:79:2D:F3:D1:18:10:7D
ValidityThu, 22 Jun 2023 14:45:58 GMT - Wed, 20 Sep 2023 14:45:57 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /500/6159541?excludes=&oaid=b19e1ce4528f41d8a263194f29ab5780&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&pl=https%3A%2F%2Forigin-steam.su.atlaq.com%2F&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&tzofs=0&js_build=3&sw_version=v1.290.0 HTTP/1.1
Host: ossmightyenar.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://origin-steam.su.atlaq.com/
Origin: https://origin-steam.su.atlaq.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 26 Aug 2023 09:24:58 GMT
content-length: 0
allow: GET, OPTIONS
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: https://origin-steam.su.atlaq.com
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-allow-credentials: true
access-control-max-age: 600
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2

origin-steam.su.atlaq.com/badk.txt

104.21.64.58

200 OK

15 kB

URL GET HTTP/3
origin-steam.su.atlaq.com/badk.txt
IP
104.21.64.58:443
ASN
#13335 CLOUDFLARENET

Requested by
https://origin-steam.su.atlaq.com/
Certificate
IssuerCloudflare, Inc.
Subjectatlaq.com
FingerprintE5:D5:36:95:0B:CC:BE:A5:14:34:09:36:2E:4B:F0:D3:17:3E:5D:E9
ValidityFri, 25 Aug 2023 00:00:00 GMT - Sat, 24 Aug 2024 23:59:59 GMT

File type
ASCII text
Size
15 kB (14553 bytes)
Hash
f4245877e1f9b8764acbac7b475ebf2d
7471a9d7354637651fa5d0200febe7ab162fb69a
bd300473a295a173716b1b182aed7c14e3551f7400360dd5f694115683ccd41c

HTTP Headers

GET /badk.txt HTTP/1.1
Host: origin-steam.su.atlaq.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://origin-steam.su.atlaq.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 26 Aug 2023 09:24:58 GMT
content-type: text/plain; charset=UTF-8
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Authorization, Accept
access-control-allow-methods: POST, GET, OPTIONS, DELETE, PUT
access-control-expose-headers: Content-Disposition
cache-control: public, max-age=2592000
cf-railgun: direct (starting new WAN connection)
expires: Mon, 25 Sep 2023 09:24:58 GMT
last-modified: Mon, 13 Apr 2020 08:00:16 GMT
strict-transport-security: max-age=31536000;includeSubDomains
vary: Accept-Encoding,User-Agent,Origin
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-turbo-charged-by: LiteSpeed
x-xss-protection: 1; mode=block
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CH3sSsTfpNA2Rn%2FLF6sPm9ZI1%2B%2BkF76ftiTQWFVb3ILp2WMIMjxqyDtGF%2Fasb4ZDWq2wHpDjcNxF31%2FDnqcFCwfs%2BK8f1h41rV733664b1kuTaKQ%2Bx2hwifoBuDL7c4wzUhDUm%2FrkBhANfGG"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7fcb0655981f1c0e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

offshuppetchan.com/400/6159539?oo=1&oaid=b19e1ce4528f41d8a263194f29ab5780&sw_version=v1.290.0

139.45.197.243

200 OK

837 B

URL GET HTTP/2
offshuppetchan.com/400/6159539?oo=1&oaid=b19e1ce4528f41d8a263194f29ab5780&sw_version=v1.290.0
IP
139.45.197.243:443
ASN
#9002 RETN Limited

Requested by
https://origin-steam.su.atlaq.com/
Certificate
IssuerLet's Encrypt
Subjectoffshuppetchan.com
Fingerprint9A:E3:1E:BF:DA:AD:98:88:60:4C:E5:A2:2D:41:E9:73:CF:17:70:00
ValidityTue, 01 Aug 2023 12:34:44 GMT - Mon, 30 Oct 2023 12:34:43 GMT

File type
JSON data\012- , ASCII text, with very long lines (2236), with no line terminators
Size
837 B (837 bytes)
Hash
da0c772fa523c5a054bd67ad7717655d
9975651b97c80001ec0f0f5837232f313bb4fe9b
d007e6f1b6ac679a016ce1b1031d9060b651a9fa3b999d1deaa012dfd633949a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /400/6159539?oo=1&oaid=b19e1ce4528f41d8a263194f29ab5780&sw_version=v1.290.0 HTTP/1.1
Host: offshuppetchan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://origin-steam.su.atlaq.com
DNT: 1
Connection: keep-alive
Referer: https://origin-steam.su.atlaq.com/
Cookie: OAID=e2ce10a0d4c94691b96a9d00347bd87a
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 26 Aug 2023 09:24:58 GMT
content-type: application/json
x-trace-id: f62cfc1fc51e584ab52f4382d2a33824
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: https://origin-steam.su.atlaq.com
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
set-cookie: OAID=b19e1ce4528f41d8a263194f29ab5780; expires=Sun, 25 Aug 2024 09:24:58 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

fleraprt.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f

139.45.195.254

200 OK

12 B

URL POST HTTP/1.1
fleraprt.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f
IP
139.45.195.254:443
ASN
#9002 RETN Limited

Requested by
https://origin-steam.su.atlaq.com/
Certificate
IssuerSectigo Limited
Subjectfleraprt.com
FingerprintA4:AF:A0:00:99:C9:85:E5:30:F6:F3:F2:B5:4F:AE:4F:D0:46:74:A9
ValidityMon, 09 Jan 2023 00:00:00 GMT - Sun, 14 Jan 2024 23:59:59 GMT

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
adb4650bfc9d2a73d4dd69583b0ceb14
1ce399d6e936232aaf2192cd7903a279c5015f22
21c1f682de27109caabcca9016511974defcec217c0441fd3f1b50ecdf8247ed

HTTP Headers

POST /log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f HTTP/1.1
Host: fleraprt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 1314
Origin: https://origin-steam.su.atlaq.com
DNT: 1
Connection: keep-alive
Referer: https://origin-steam.su.atlaq.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.10
Date: Sat, 26 Aug 2023 09:26:01 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 12
Connection: keep-alive
Access-Control-Allow-Origin: https://origin-steam.su.atlaq.com
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true

eedsaung.net/9?z=6159540&ng=1&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Forigin-steam.su.atlaq.com%2F&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&sah=1024&drf=&hil=1&ist=0&oaid=b19e1ce4528f41d8a263194f29ab5780

139.45.197.242

204 No Content

0 B

URL OPTIONS HTTP/2
eedsaung.net/9?z=6159540&ng=1&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Forigin-steam.su.atlaq.com%2F&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&sah=1024&drf=&hil=1&ist=0&oaid=b19e1ce4528f41d8a263194f29ab5780
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://origin-steam.su.atlaq.com/
Certificate
IssuerLet's Encrypt
Subjecteedsaung.net
Fingerprint39:1A:51:39:17:5B:6C:AA:21:3B:A2:96:D4:95:44:AB:8E:75:75:65
ValiditySun, 13 Aug 2023 02:55:57 GMT - Sat, 11 Nov 2023 02:55:56 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /9?z=6159540&ng=1&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Forigin-steam.su.atlaq.com%2F&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&sah=1024&drf=&hil=1&ist=0&oaid=b19e1ce4528f41d8a263194f29ab5780 HTTP/1.1
Host: eedsaung.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://origin-steam.su.atlaq.com/
Origin: https://origin-steam.su.atlaq.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 204 No Content
server: nginx
date: Sat, 26 Aug 2023 09:24:59 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://origin-steam.su.atlaq.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID, baggage, sentry-trace
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2

xinchacha2dv.ocsp-certum.com/

95.101.10.193

1.5 kB

URL
xinchacha2dv.ocsp-certum.com/
IP
95.101.10.193:0
ASN
#20940 Akamai International B.V.

File type
data
Size
1.5 kB (1538 bytes)
Hash
4130e85bfdac70c1dafebfaf90f78042
9fdedde5c75097a87e8e2df1885f09cc63d93c3a
539665b14543ef05c1fdaf0b902b38ae317a1da24e229e36c99397ea99079099

HTTP Headers

POST / HTTP/1.1
Host: xinchacha2dv.ocsp-certum.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 1538
X-Cached: STALE
Strict-Transport-Security: max-age=63072000,includeSubDomains,preload
Cache-Control: max-age=893
Date: Sat, 26 Aug 2023 09:24:59 GMT
Connection: keep-alive
X-N: S

offshuppetchan.com/500/6159539?excludes=&oaid=b19e1ce4528f41d8a263194f29ab5780&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&pl=https%3A%2F%2Forigin-steam.su.atlaq.com%2F&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&tzofs=0&js_build=3&sw_version=v1.290.0

139.45.197.243

200 OK

0 B

URL OPTIONS HTTP/2
offshuppetchan.com/500/6159539?excludes=&oaid=b19e1ce4528f41d8a263194f29ab5780&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&pl=https%3A%2F%2Forigin-steam.su.atlaq.com%2F&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&tzofs=0&js_build=3&sw_version=v1.290.0
IP
139.45.197.243:443
ASN
#9002 RETN Limited

Requested by
https://origin-steam.su.atlaq.com/
Certificate
IssuerLet's Encrypt
Subjectoffshuppetchan.com
Fingerprint9A:E3:1E:BF:DA:AD:98:88:60:4C:E5:A2:2D:41:E9:73:CF:17:70:00
ValidityTue, 01 Aug 2023 12:34:44 GMT - Mon, 30 Oct 2023 12:34:43 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

OPTIONS /500/6159539?excludes=&oaid=b19e1ce4528f41d8a263194f29ab5780&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&pl=https%3A%2F%2Forigin-steam.su.atlaq.com%2F&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&tzofs=0&js_build=3&sw_version=v1.290.0 HTTP/1.1
Host: offshuppetchan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://origin-steam.su.atlaq.com/
Origin: https://origin-steam.su.atlaq.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 26 Aug 2023 09:24:59 GMT
content-length: 0
allow: GET, OPTIONS
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: https://origin-steam.su.atlaq.com
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-allow-credentials: true
access-control-max-age: 600
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2

offerimage.com/www/images/c203639f459b6e675afc744dd5393fc6.jpeg

104.22.32.172

200 OK

11 kB

URL GET HTTP/2
offerimage.com/www/images/c203639f459b6e675afc744dd5393fc6.jpeg
IP
104.22.32.172:443
ASN
#13335 CLOUDFLARENET

Requested by
https://origin-steam.su.atlaq.com/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintDB:4D:42:F8:E2:4C:E3:E4:BB:22:D8:D1:F7:64:B5:9A:10:B6:25:E0
ValiditySun, 07 May 2023 00:00:00 GMT - Mon, 06 May 2024 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 192x192, components 3\012- data
Size
11 kB (10857 bytes)
Hash
c203639f459b6e675afc744dd5393fc6
c83a0142c1a7f6a07c2dd360243197a27f560932
64b4e386658d3f5764261f576a4673eb506fcad5e38e69ef085723f8dab72263

HTTP Headers

GET /www/images/c203639f459b6e675afc744dd5393fc6.jpeg HTTP/1.1
Host: offerimage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://origin-steam.su.atlaq.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 26 Aug 2023 09:24:59 GMT
content-type: image/jpeg
content-length: 10857
cache-control: max-age=86400
cf-bgj: h2pri
etag: "6388849a-2a69"
expires: Sun, 27 Aug 2023 08:23:16 GMT
last-modified: Thu, 01 Dec 2022 10:40:26 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 3703
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7fcb065e5ef12e12-ARN
X-Firefox-Spdy: h2

eedsaung.net/11?rnd=703664917&z=6159540&b=18598989&var=&varid=0&rqtdbc=1&rcvdbc=1&btp=1&rb=PuVX1G8ums3Fm-KraswPHp2lhEQDnsrvk_es8nez-mq0L-HeWkplAzwtR-bQu_hf6FsfhIozeqe8gETPk3pz8TC1KRxhEEBPClulC8RZZjCz8C-PPrspgZVSozMkCtsEb8hE5UueSipFx0vWc8ZgcqgtdqZLHhFWsjwbIBCQvNh5qaB1mXeHr_PzxIEnuIcpalejiWdPz8PhG5Ny18PC6TPB5ZjtNu0xYcFHspzpwqtbj5SlxLbHXoEbJ71zNL6_SFuaL2qbsarxcZaKkFFxED225we2Go7wA1OYrSqwiPx9bcsB3af-QfhChveU02ElX1TCLhhCOcFwXEb_NIS9oc2I6OFvU3VirGOxHfPY8hmHvVbXjCVezA4vlUS3ZX31E0YwBDYq8QLbVbX2zozclnrRp1cYElOUCMMaLcsuVYm_QkekijrAKSHHRh6QMNwy2GUxce-zLoEdtZjzrwTVq-XWgzLyxrLtKMt5TUjVAgTN9MntFHvC-2w31J6wxYq5UFsSOSEVBR3xZAMBey6W0kz4_D6s1UCxZK_CDhxzm_FacATqBAah32zrUVjW-bR9BJnqmlJ0JleFUZ-_oAEh9yqg2g5HLpIYk3cqD5rPMRic5otBOZ-ze5jVE9Qscj5cbleehGsqJYsYoYt0bjCLvKDmEJP9coeg_prJyvq7EiNqL0Am&ruid=0cad4e13-bc32-4738-95b3-d851b450d614&ng=1&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Forigin-steam.su.atlaq.com%2F&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&sah=1024&drf=&hil=1&ist=0&ot=149

139.45.197.242

200 OK

0 B

URL GET HTTP/2
eedsaung.net/11?rnd=703664917&z=6159540&b=18598989&var=&varid=0&rqtdbc=1&rcvdbc=1&btp=1&rb=PuVX1G8ums3Fm-KraswPHp2lhEQDnsrvk_es8nez-mq0L-HeWkplAzwtR-bQu_hf6FsfhIozeqe8gETPk3pz8TC1KRxhEEBPClulC8RZZjCz8C-PPrspgZVSozMkCtsEb8hE5UueSipFx0vWc8ZgcqgtdqZLHhFWsjwbIBCQvNh5qaB1mXeHr_PzxIEnuIcpalejiWdPz8PhG5Ny18PC6TPB5ZjtNu0xYcFHspzpwqtbj5SlxLbHXoEbJ71zNL6_SFuaL2qbsarxcZaKkFFxED225we2Go7wA1OYrSqwiPx9bcsB3af-QfhChveU02ElX1TCLhhCOcFwXEb_NIS9oc2I6OFvU3VirGOxHfPY8hmHvVbXjCVezA4vlUS3ZX31E0YwBDYq8QLbVbX2zozclnrRp1cYElOUCMMaLcsuVYm_QkekijrAKSHHRh6QMNwy2GUxce-zLoEdtZjzrwTVq-XWgzLyxrLtKMt5TUjVAgTN9MntFHvC-2w31J6wxYq5UFsSOSEVBR3xZAMBey6W0kz4_D6s1UCxZK_CDhxzm_FacATqBAah32zrUVjW-bR9BJnqmlJ0JleFUZ-_oAEh9yqg2g5HLpIYk3cqD5rPMRic5otBOZ-ze5jVE9Qscj5cbleehGsqJYsYoYt0bjCLvKDmEJP9coeg_prJyvq7EiNqL0Am&ruid=0cad4e13-bc32-4738-95b3-d851b450d614&ng=1&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Forigin-steam.su.atlaq.com%2F&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&sah=1024&drf=&hil=1&ist=0&ot=149
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://origin-steam.su.atlaq.com/
Certificate
IssuerLet's Encrypt
Subjecteedsaung.net
Fingerprint39:1A:51:39:17:5B:6C:AA:21:3B:A2:96:D4:95:44:AB:8E:75:75:65
ValiditySun, 13 Aug 2023 02:55:57 GMT - Sat, 11 Nov 2023 02:55:56 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /11?rnd=703664917&z=6159540&b=18598989&var=&varid=0&rqtdbc=1&rcvdbc=1&btp=1&rb=PuVX1G8ums3Fm-KraswPHp2lhEQDnsrvk_es8nez-mq0L-HeWkplAzwtR-bQu_hf6FsfhIozeqe8gETPk3pz8TC1KRxhEEBPClulC8RZZjCz8C-PPrspgZVSozMkCtsEb8hE5UueSipFx0vWc8ZgcqgtdqZLHhFWsjwbIBCQvNh5qaB1mXeHr_PzxIEnuIcpalejiWdPz8PhG5Ny18PC6TPB5ZjtNu0xYcFHspzpwqtbj5SlxLbHXoEbJ71zNL6_SFuaL2qbsarxcZaKkFFxED225we2Go7wA1OYrSqwiPx9bcsB3af-QfhChveU02ElX1TCLhhCOcFwXEb_NIS9oc2I6OFvU3VirGOxHfPY8hmHvVbXjCVezA4vlUS3ZX31E0YwBDYq8QLbVbX2zozclnrRp1cYElOUCMMaLcsuVYm_QkekijrAKSHHRh6QMNwy2GUxce-zLoEdtZjzrwTVq-XWgzLyxrLtKMt5TUjVAgTN9MntFHvC-2w31J6wxYq5UFsSOSEVBR3xZAMBey6W0kz4_D6s1UCxZK_CDhxzm_FacATqBAah32zrUVjW-bR9BJnqmlJ0JleFUZ-_oAEh9yqg2g5HLpIYk3cqD5rPMRic5otBOZ-ze5jVE9Qscj5cbleehGsqJYsYoYt0bjCLvKDmEJP9coeg_prJyvq7EiNqL0Am&ruid=0cad4e13-bc32-4738-95b3-d851b450d614&ng=1&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Forigin-steam.su.atlaq.com%2F&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&sah=1024&drf=&hil=1&ist=0&ot=149 HTTP/1.1
Host: eedsaung.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://origin-steam.su.atlaq.com
DNT: 1
Connection: keep-alive
Referer: https://origin-steam.su.atlaq.com/
Cookie: scm=1; OAID=b19e1ce4528f41d8a263194f29ab5780; oaidts=1693041898
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 26 Aug 2023 09:24:59 GMT
content-type: image/jpeg
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: https://origin-steam.su.atlaq.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID, baggage, sentry-trace
x-trace-id: b6b018968708bf807c11e70410e55247
access-control-expose-headers: X-Sc
set-cookie: OAID=b19e1ce4528f41d8a263194f29ab5780; expires=Sun, 25 Aug 2024 09:24:59 GMT; secure; SameSite=None
oaidts=1693041898; expires=Sun, 25 Aug 2024 09:24:59 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2

snowm777.com/favicon.ico

104.21.2.42

301 Moved Permanently

201 B

URL GET HTTP/2
snowm777.com/favicon.ico
IP
104.21.2.42:443
ASN
#13335 CLOUDFLARENET

Requested by
https://origin-steam.su.atlaq.com/
Certificate
IssuerGoogle Trust Services LLC
Subjectsnowm777.com
FingerprintCA:3D:85:9C:0B:C1:16:16:93:B4:1B:06:72:1D:BC:C0:05:BA:DC:8B
ValidityTue, 15 Aug 2023 08:49:56 GMT - Mon, 13 Nov 2023 08:49:55 GMT

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Size
201 B (201 bytes)
Hash
7fba573f299ab7b6b3185e77fab30c45
c65df4f4c2d9ee03c5c8d2037635e7cd5ab80979
69238fa3891221589baa0501b9b800008ee1e0f87472c4f6affd67e1499586a8

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: snowm777.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 301 Moved Permanently
date: Sat, 26 Aug 2023 09:24:58 GMT
content-type: text/html
location: https://www.snowm888.com/favicon.ico
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=P7U%2BWApNGHhaERbLnZ%2BH7dthSvepDmyWm%2BcOu7%2BOhfMHy8ScIqKlM1C%2FvA6F5aVxTsT7BhMWdi9b2UmRRl4YngTFtHxxjl9%2BRGIZ1zj0vszEPbjfu12kePE2Bh5L%2FyQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7fcb06567fc3b515-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

d3x2.myfastcdn.com/www/images/311072075b022b0ea412943d7ac0e146.png?width=984

172.66.43.101

200 OK

20 kB

URL GET HTTP/2
d3x2.myfastcdn.com/www/images/311072075b022b0ea412943d7ac0e146.png?width=984
IP
172.66.43.101:443
ASN
#13335 CLOUDFLARENET

Requested by
https://origin-steam.su.atlaq.com/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint9B:E0:88:3B:1B:31:56:B9:D9:94:4F:4F:54:13:FB:0B:2F:17:37:7F
ValidityTue, 11 Apr 2023 00:00:00 GMT - Wed, 10 Apr 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image\012- data
Size
20 kB (19960 bytes)
Hash
5bbfc8fe182f986435e32baba86ca388
6a1b169c89e509206a109d72d41fcfdf05b42832
b3cf8e957c2767610ff2ab4e173bdec220ead95ba8731c684d6942a86c1a2609

HTTP Headers

GET /www/images/311072075b022b0ea412943d7ac0e146.png?width=984 HTTP/1.1
Host: d3x2.myfastcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://origin-steam.su.atlaq.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 26 Aug 2023 09:24:59 GMT
content-type: image/webp
content-length: 19960
access-control-allow-headers: X-Requested-With
access-control-allow-origin: *
edge-cache-tag: 421737980665494638480926429812291330760,293268836313657461801723386032005474223,29ecf9b93bbf306179626feeda1fab70
etag: "a8bcd5a024bbccadb1117a313e8ae607"
expiration: expiry-date="Fri, 25 Aug 2023 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
last-modified: Tue, 25 Jul 2023 12:12:20 GMT
req-referer: https://tamlinh247.com.vn/
x-ratelimit-limit: 101
x-ratelimit-remaining: 100
x-ratelimit-reset: 1
x-envoy-upstream-service-time: 1118
x-backend-name: CH_DIR:3FP7YNX3LMizprTZsG7BSW--F_CH_nlb803
cache-control: max-age=86400
age: 75122
vary: ImageFormat, Accept-Encoding
x-vcl-time-ms: 1225
expires: Sat, 26 Aug 2023 12:32:57 GMT
timing-allow-origin: *
cf-cache-status: HIT
accept-ranges: bytes
server: cloudflare
cf-ray: 7fcb065ea91fb518-OSL
X-Firefox-Spdy: h2

r93535.com/favicon.ico

111.33.90.37

404 Not Found

153 B

URL GET HTTP/1.1
r93535.com/favicon.ico
IP
111.33.90.37:443
ASN
#38019 tianjin Mobile Communication Company Limited

Requested by
https://origin-steam.su.atlaq.com/
Certificate
IssuerBeijing Xinchacha Credit Management Co., Ltd.
Subject*.r93535.com
FingerprintEC:06:BA:CC:69:5B:E4:8F:C2:DF:3E:EB:B7:A9:1A:3E:AC:E4:BF:A8
ValidityMon, 24 Oct 2022 06:53:30 GMT - Tue, 24 Oct 2023 06:53:29 GMT

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
153 B (153 bytes)
Hash
706a98254456810d3e849c3957af9d01
e461d072a6ba8f0082d6f187eba7f053343529c6
8351c0267c2cd7866ff04c04261f06cd75af9a7130aac848ca43fd047404e229

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: r93535.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Content-Type: text/html; charset=UTF-8
Content-Length: 153
Connection: keep-alive
Server: nginx/1.18.0
Date: Sat, 26 Aug 2023 09:24:59 GMT
X-Kong-Upstream-Latency: 1
X-Kong-Proxy-Latency: 0
Via: kong/1.4.1
Set-Cookie: BIGipServerpool_srxtjk=!00J3LU5iq0NwJWKb/CULM79eIdI1FCZLyLB6J3umTImbZoQYZOqS1rjOSWPZjr8/HAO+IlGytEsEp1Q=; expires=Sat, 26-Aug-2023 09:34:59 GMT; path=/; Httponly

ocsp.pki.goog/gts1c3

142.250.74.131

472 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
c69f83a05bf91af40bd2877b2ff4c07f
478b3cce204a7669998eb6cf9e5b1877ac85a7cf
54dbef957295837e7da7b622d722e9e19c3a06fb1fecc6baf61dc6302c8e30c8

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 26 Aug 2023 09:24:59 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

alwingulla.com/88/tag.min.js

104.21.72.155

200 OK

22 kB

URL GET HTTP/2
alwingulla.com/88/tag.min.js
IP
104.21.72.155:443
ASN
#13335 CLOUDFLARENET

Requested by
https://origin-steam.su.atlaq.com/
Certificate
IssuerGoogle Trust Services LLC
Subjectalwingulla.com
Fingerprint11:52:36:77:53:6A:81:6C:C4:56:C5:38:F2:59:77:F7:FC:9F:68:9E
ValidityThu, 20 Jul 2023 17:46:46 GMT - Wed, 18 Oct 2023 17:46:45 GMT

File type
ASCII text, with very long lines (65494)
Size
22 kB (21991 bytes)
Hash
5e089b5dbc4adc18e2504d53bf41ccc3
ca4d922ea9e779661dc6f1329f51a8c4230550cc
06974bed98dd90152239cba77f2822ac052c685801c3bd0aa2ec1bdb6427b59d

HTTP Headers

GET /88/tag.min.js HTTP/1.1
Host: alwingulla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://origin-steam.su.atlaq.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 26 Aug 2023 09:24:57 GMT
content-type: text/javascript; charset=utf-8
x-trace-id: ad2b6b04beeb555281e30d6b7c4164c2
cache-control: max-age=86400
last-modified: Fri, 25 Aug 2023 12:48:33 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-max-age: 86400
pragma: no-cache
expires: Sat, 26 Aug 2023 21:43:32 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 42085
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=APFXgW0%2Btapa2z6S1CNynV4TBk%2FbCZu5XVsAxcRTJLk6QCV%2B%2FwOO7itSlZo%2FOlMw5naL1jkmE8xdYIKqw0xtdmWzqEs32vJbXHC9KdqYoRB6lJH6WnjDaVO7akl63FCg5w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7fcb0654deb3b4eb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

472 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
c69f83a05bf91af40bd2877b2ff4c07f
478b3cce204a7669998eb6cf9e5b1877ac85a7cf
54dbef957295837e7da7b622d722e9e19c3a06fb1fecc6baf61dc6302c8e30c8

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 26 Aug 2023 09:24:59 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

origin-steam.su.atlaq.com/sw.js

104.21.64.58

200 OK

3.6 kB

URL GET HTTP/3
origin-steam.su.atlaq.com/sw.js
IP
104.21.64.58:443
ASN
#13335 CLOUDFLARENET

Requested by
https://origin-steam.su.atlaq.com/
Certificate
IssuerCloudflare, Inc.
Subjectatlaq.com
FingerprintE5:D5:36:95:0B:CC:BE:A5:14:34:09:36:2E:4B:F0:D3:17:3E:5D:E9
ValidityFri, 25 Aug 2023 00:00:00 GMT - Sat, 24 Aug 2024 23:59:59 GMT

File type
ASCII text, with very long lines (5235)
Size
3.6 kB (3571 bytes)
Hash
5e4970102cb8df8ff07a65aaa9d9691d
a2a54a19184eae3a8739c48edb41e59e906cc261
7fee5eb745ab3f5e44914bdd6053be4d8cbc9165e1c1bb014e5d199930f84fc9

HTTP Headers

GET /sw.js HTTP/1.1
Host: origin-steam.su.atlaq.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://origin-steam.su.atlaq.com/
DNT: 1
Connection: keep-alive
Cookie: _ga_FPZ0VEL1WQ=GS1.1.1693041889.1.0.1693041889.60.0.0; _ga=GA1.1.762720776.1693041889
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 26 Aug 2023 09:24:59 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000
expires: Sat, 02 Sep 2023 09:24:58 GMT
last-modified: Tue, 25 Jul 2023 06:50:27 GMT
vary: Accept-Encoding,User-Agent,Origin
strict-transport-security: max-age=31536000;includeSubDomains
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
access-control-allow-methods: POST, GET, OPTIONS, DELETE, PUT
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Authorization, Accept
access-control-expose-headers: Content-Disposition
x-turbo-charged-by: LiteSpeed
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Zq2aBhpxNf9fP2bsAeouqYEhzMdhBPPsihO6F9pqZj3%2F5E9sEEU9fp9yWrQs2F4vzOS15f38ma7Fg7ag4EH4li38cAApTV15euNsKjDJuCoupSZmmIsRIJJay6FPcGDe%2FnhA1bPKCDbszMzg"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7fcb065a2d5a1c0e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

139.45.197.245

200 OK

1.6 kB

URL GET HTTP/2
ossmightyenar.net/500/6159541?excludes=&oaid=b19e1ce4528f41d8a263194f29ab5780&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&pl=https%3A%2F%2Forigin-steam.su.atlaq.com%2F&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&tzofs=0&js_build=3&sw_version=v1.290.0
IP
139.45.197.245:443
ASN
#9002 RETN Limited

Requested by
https://origin-steam.su.atlaq.com/
Certificate
IssuerLet's Encrypt
Subjectossmightyenar.net
Fingerprint89:EC:F1:57:D9:26:12:A9:CC:05:D3:1E:4E:79:2D:F3:D1:18:10:7D
ValidityThu, 22 Jun 2023 14:45:58 GMT - Wed, 20 Sep 2023 14:45:57 GMT

File type
gzip compressed data, max speed, from Unix\012- data
Size
1.6 kB (1627 bytes)
Hash
07b4afc2c42f1cda7441d455828b6e85
cf8c12b8cfa7eec493abef4d3ca4fe5cd2b0d983
48da1d09f9cf5f5b4df8d8d6aa0b9e11594fc87ba57787b4f3a71d15ff274fb8

HTTP Headers

GET /500/6159541?excludes=&oaid=b19e1ce4528f41d8a263194f29ab5780&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&pl=https%3A%2F%2Forigin-steam.su.atlaq.com%2F&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&tzofs=0&js_build=3&sw_version=v1.290.0 HTTP/1.1
Host: ossmightyenar.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: https://origin-steam.su.atlaq.com
DNT: 1
Connection: keep-alive
Referer: https://origin-steam.su.atlaq.com/
Cookie: OAID=cc06cee010fe489abb4004089de04ef3
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 26 Aug 2023 09:24:58 GMT
content-type: application/javascript
x-trace-id: a830a852ad0929444069c3c17316e368
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
vary: Origin
access-control-allow-origin: https://origin-steam.su.atlaq.com
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
set-cookie: OAID=b19e1ce4528f41d8a263194f29ab5780; expires=Sun, 25 Aug 2024 09:24:58 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

ocsp.trust-provider.cn/

36.248.38.100

599 B

URL
ocsp.trust-provider.cn/
IP
36.248.38.100:0
ASN
#4837 CHINA UNICOM China169 Backbone

File type
data
Size
599 B (599 bytes)
Hash
9b4200fa16bc1a1a1f548843aedeb996
19aa0fedf25443d5de9a792775a0dc8a1fad5d1a
38268b6ecf421001e01c6f7bb0cebe426fad689eb8cdb618ac43504eaf0fabc2

HTTP Headers

POST / HTTP/1.1
Host: ocsp.trust-provider.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: volc-dcdn
Content-Type: application/ocsp-response
Content-Length: 599
Connection: keep-alive
Date: Sat, 26 Aug 2023 09:24:59 GMT
Accept-Ranges: bytes
CF-Cache-Status: REVALIDATED
CF-RAY: 7fb9a119cc90ce9c-SJC
ETag: "19aa0fedf25443d5de9a792775a0dc8a1fad5d1a"
Expires: Wed, 30 Aug 2023 23:22:07 GMT
Last-Modified: Wed, 23 Aug 2023 23:22:08 GMT
WS-Cache-Status: 0
X-CCACDN-Proxy-ID: scdpinlb1
X-Frame-Options: SAMEORIGIN
X-Via: 1.1 PS-000-01hSD49:9 (Cdn Cache Server V2.0), 1.1 VM-JJN-01Xmk84:9 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 64e9c4eb_VM-JJN-01kXQ81_27653-20850
via: n172-013-214.fzmp.ToB
x-request-ip: 91.90.42.154
x-tt-trace-tag: id=5
x-dsa-trace-id: 1693041899cefd3434da8b97079be75c1bd2d0d08a
X-Dsa-Origin-Status: 200
server-timing: cdn-cache;desc=MISS, origin;dur=10, edge;dur=0

origin-steam.su/storage/images/favicon.ico

37.143.8.60

200 OK

1.2 kB

URL GET HTTP/2
origin-steam.su/storage/images/favicon.ico
IP
37.143.8.60:443
ASN
#210079 EuroByte LLC

Requested by
https://origin-steam.su.atlaq.com/
Certificate
IssuerGlobalSign nv-sa
Subjectwww.origin-steam.su
Fingerprint06:25:E7:6D:64:54:54:AB:6F:7D:90:D0:6A:F9:30:A0:01:A8:99:20
ValidityThu, 13 Jul 2023 20:25:29 GMT - Tue, 13 Aug 2024 20:25:28 GMT

File type
MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data
Size
1.2 kB (1150 bytes)
Hash
41743da5b84789fb1f0c406ceb10cf62
3dfce9df5ae761094d7368c8c89f4e45012cad1b
4d3b07ba1cf4ddf7c19bf52ab4f96c3b9619bcf062c4e149a3ba034e977b3aa3

HTTP Headers

GET /storage/images/favicon.ico HTTP/1.1
Host: origin-steam.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://origin-steam.su.atlaq.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
expires: Thu, 22 Feb 2024 09:24:59 GMT
etag: "47e-5ff8d518-42cbe;;;"
last-modified: Fri, 08 Jan 2021 21:56:40 GMT
content-type: image/x-icon
content-length: 1150
accept-ranges: bytes
date: Sat, 26 Aug 2023 09:24:59 GMT
server: LiteSpeed
cache-control: public, max-age=15552000
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2

www.snowm888.com/favicon.ico

93.179.125.183

200 OK

68 kB

URL GET HTTP/2
www.snowm888.com/favicon.ico
IP
93.179.125.183:443
ASN
#25820 IT7NET

Requested by
https://origin-steam.su.atlaq.com/
Certificate
IssuerTrustAsia Technologies, Inc.
Subjectwww.snowm888.com
Fingerprint8E:F8:4E:DD:CD:B3:B7:A0:9F:1A:5D:41:39:55:20:48:F6:2A:B7:44
ValidityWed, 19 Apr 2023 00:00:00 GMT - Thu, 18 Apr 2024 23:59:59 GMT

File type
MS Windows icon resource - 1 icon, -128x-128, 32 bits/pixel\012- data
Size
68 kB (67646 bytes)
Hash
8ef7d2d9831ca84e1f07e1beddf3eb8e
62a1716c9cc4a2797790ea6737f94b7ceed6b848
0dd61bc7ba66c2e30cc2864b6e3a9879e1d61f1d18f0466ae6ad4f7312d3141c

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: www.snowm888.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 26 Aug 2023 09:24:59 GMT
content-type: image/x-icon
content-length: 67646
last-modified: Wed, 19 Apr 2023 10:05:47 GMT
etag: "643fbcfb-1083e"
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

ossmightyenar.net/impression/fnT4_ueqNCBJg9FBRn9jTLwsw_Isd8RO1rLnMnfC-_B-0ZlxkQtcLkkwI9e3Y75wVWy9S0HdopxtcxlLMTmFzdhKmOaTmk59qGxVNYTeYmCw1af2PlLkhcW1pbG-Ru0LLPYo7oAMDTLEFI7gk-WQp927g3qIEwlK3glTDNuD5zAv_9bn15PIbGkR0DFXBLHsZFHbCxzQmcEX8VHRRJ2pBarBQB9gSznHF92BOs1PEpjh3qm5y-uxsjhSNBrgB212UYCcuagKLRARKYrAx_VZQRziCEDBeQwDEb-d924rMr5pZA4p90wbJq6Xj-8U06-47byDs5_7aiGBzmNETnu_Q6G-pND_GCLZt0Ux9t_DF3GIFbtVq6U1LMCnkBLejnZYuqkemAH2egb-_wtPnXeSuzP3XVSMlv8IyhvO5BGbKlJRfamTFFunkHqlM6HPqOtFfGr95bjYDomWHxij5RCcuovAqQ-Sdo87OLs-JgWQIOP5ydrNh_Vg3Mt_Fz0znQEDE8zl_6C-aR6Th2P5c3Fjs9SujF8AOQ46Va35Ku0qVyOmgwRUHxUeMgZbps4WhAI4WG3r9F8oVfsWiwVcAmZx_7FDZ0pto6zAsFMAuA==?_z=6159541&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&pl=https%3A%2F%2Forigin-steam.su.atlaq.com%2F&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&tzofs=0&js_build=3&sw_version=v1.290.0

139.45.197.245

200 OK

43 B

URL GET HTTP/2
ossmightyenar.net/impression/fnT4_ueqNCBJg9FBRn9jTLwsw_Isd8RO1rLnMnfC-_B-0ZlxkQtcLkkwI9e3Y75wVWy9S0HdopxtcxlLMTmFzdhKmOaTmk59qGxVNYTeYmCw1af2PlLkhcW1pbG-Ru0LLPYo7oAMDTLEFI7gk-WQp927g3qIEwlK3glTDNuD5zAv_9bn15PIbGkR0DFXBLHsZFHbCxzQmcEX8VHRRJ2pBarBQB9gSznHF92BOs1PEpjh3qm5y-uxsjhSNBrgB212UYCcuagKLRARKYrAx_VZQRziCEDBeQwDEb-d924rMr5pZA4p90wbJq6Xj-8U06-47byDs5_7aiGBzmNETnu_Q6G-pND_GCLZt0Ux9t_DF3GIFbtVq6U1LMCnkBLejnZYuqkemAH2egb-_wtPnXeSuzP3XVSMlv8IyhvO5BGbKlJRfamTFFunkHqlM6HPqOtFfGr95bjYDomWHxij5RCcuovAqQ-Sdo87OLs-JgWQIOP5ydrNh_Vg3Mt_Fz0znQEDE8zl_6C-aR6Th2P5c3Fjs9SujF8AOQ46Va35Ku0qVyOmgwRUHxUeMgZbps4WhAI4WG3r9F8oVfsWiwVcAmZx_7FDZ0pto6zAsFMAuA==?_z=6159541&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&pl=https%3A%2F%2Forigin-steam.su.atlaq.com%2F&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&tzofs=0&js_build=3&sw_version=v1.290.0
IP
139.45.197.245:443
ASN
#9002 RETN Limited

Requested by
https://origin-steam.su.atlaq.com/
Certificate
IssuerLet's Encrypt
Subjectossmightyenar.net
Fingerprint89:EC:F1:57:D9:26:12:A9:CC:05:D3:1E:4E:79:2D:F3:D1:18:10:7D
ValidityThu, 22 Jun 2023 14:45:58 GMT - Wed, 20 Sep 2023 14:45:57 GMT

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

HTTP Headers

GET /impression/fnT4_ueqNCBJg9FBRn9jTLwsw_Isd8RO1rLnMnfC-_B-0ZlxkQtcLkkwI9e3Y75wVWy9S0HdopxtcxlLMTmFzdhKmOaTmk59qGxVNYTeYmCw1af2PlLkhcW1pbG-Ru0LLPYo7oAMDTLEFI7gk-WQp927g3qIEwlK3glTDNuD5zAv_9bn15PIbGkR0DFXBLHsZFHbCxzQmcEX8VHRRJ2pBarBQB9gSznHF92BOs1PEpjh3qm5y-uxsjhSNBrgB212UYCcuagKLRARKYrAx_VZQRziCEDBeQwDEb-d924rMr5pZA4p90wbJq6Xj-8U06-47byDs5_7aiGBzmNETnu_Q6G-pND_GCLZt0Ux9t_DF3GIFbtVq6U1LMCnkBLejnZYuqkemAH2egb-_wtPnXeSuzP3XVSMlv8IyhvO5BGbKlJRfamTFFunkHqlM6HPqOtFfGr95bjYDomWHxij5RCcuovAqQ-Sdo87OLs-JgWQIOP5ydrNh_Vg3Mt_Fz0znQEDE8zl_6C-aR6Th2P5c3Fjs9SujF8AOQ46Va35Ku0qVyOmgwRUHxUeMgZbps4WhAI4WG3r9F8oVfsWiwVcAmZx_7FDZ0pto6zAsFMAuA==?_z=6159541&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&pl=https%3A%2F%2Forigin-steam.su.atlaq.com%2F&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&tzofs=0&js_build=3&sw_version=v1.290.0 HTTP/1.1
Host: ossmightyenar.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://origin-steam.su.atlaq.com/
Cookie: OAID=b19e1ce4528f41d8a263194f29ab5780
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 26 Aug 2023 09:25:03 GMT
content-type: image/gif
content-length: 43
x-trace-id: 1abfc1e4106bfd7b0b7ef0157a3e9967
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

offshuppetchan.com/impression/nwUhHqvnu3FmJEJHjo33t5nQ4DXlTbSdNZEZU0qMtckiKvsVOK1kUho230CM9IQ65jizC2VBiDVlMzzh6zN7GV85CXDpR3HnAUQrK11LxsGpYwGU5vHL7WIdOBPBjthhpgRjRxDI5S_YI1PgvhrJQBCE4zDgFC5AnUqhUL_kIXViGYw6Ww8Jidg5PNhkbiYY6NZor0I-EU0ZXHhiNdUYyJMtN3IkF8025589sdTpimtNgtZGho46m6VlnBrf9zqK8BiDTzDPVYH6supfJD1JvAWrGnA4tpZo66sxBW6QTPBZs7rZt_HWlcMWVGDGIxX1ju3cRECoVi-W3FC5cA7ynk6LBvucGnuvZTa4NQ5NV9ciii0jP8jwV8hgdPjAH9cL4pTaiiKfEMABYOsB2DfhlGXRDBQZbt6DdkUwwyalrfIIDSmAb9uojau5qv25taoLJQOIIfGUUU_bPAqhyFgG0mZe6r8oFTtQdrBG9cw7SV_ldD8QP454rwWJtJL-p5MwN7BCFunYOt40216fAuOODOrnkMediS1JsbLBlR26aMuC_ikI8i84qw9NuoMnEz-zf4ydLEOAlojy-KsAbFuLpkKAyLwB8foKtlQT1TK0jwU=?_z=6159539&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=1&pl=https%3A%2F%2Forigin-steam.su.atlaq.com%2F&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&tzofs=0&js_build=3&sw_version=v1.290.0

139.45.197.243

200 OK

43 B

URL GET HTTP/2
offshuppetchan.com/impression/nwUhHqvnu3FmJEJHjo33t5nQ4DXlTbSdNZEZU0qMtckiKvsVOK1kUho230CM9IQ65jizC2VBiDVlMzzh6zN7GV85CXDpR3HnAUQrK11LxsGpYwGU5vHL7WIdOBPBjthhpgRjRxDI5S_YI1PgvhrJQBCE4zDgFC5AnUqhUL_kIXViGYw6Ww8Jidg5PNhkbiYY6NZor0I-EU0ZXHhiNdUYyJMtN3IkF8025589sdTpimtNgtZGho46m6VlnBrf9zqK8BiDTzDPVYH6supfJD1JvAWrGnA4tpZo66sxBW6QTPBZs7rZt_HWlcMWVGDGIxX1ju3cRECoVi-W3FC5cA7ynk6LBvucGnuvZTa4NQ5NV9ciii0jP8jwV8hgdPjAH9cL4pTaiiKfEMABYOsB2DfhlGXRDBQZbt6DdkUwwyalrfIIDSmAb9uojau5qv25taoLJQOIIfGUUU_bPAqhyFgG0mZe6r8oFTtQdrBG9cw7SV_ldD8QP454rwWJtJL-p5MwN7BCFunYOt40216fAuOODOrnkMediS1JsbLBlR26aMuC_ikI8i84qw9NuoMnEz-zf4ydLEOAlojy-KsAbFuLpkKAyLwB8foKtlQT1TK0jwU=?_z=6159539&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=1&pl=https%3A%2F%2Forigin-steam.su.atlaq.com%2F&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&tzofs=0&js_build=3&sw_version=v1.290.0
IP
139.45.197.243:443
ASN
#9002 RETN Limited

Requested by
https://origin-steam.su.atlaq.com/
Certificate
IssuerLet's Encrypt
Subjectoffshuppetchan.com
Fingerprint9A:E3:1E:BF:DA:AD:98:88:60:4C:E5:A2:2D:41:E9:73:CF:17:70:00
ValidityTue, 01 Aug 2023 12:34:44 GMT - Mon, 30 Oct 2023 12:34:43 GMT

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /impression/nwUhHqvnu3FmJEJHjo33t5nQ4DXlTbSdNZEZU0qMtckiKvsVOK1kUho230CM9IQ65jizC2VBiDVlMzzh6zN7GV85CXDpR3HnAUQrK11LxsGpYwGU5vHL7WIdOBPBjthhpgRjRxDI5S_YI1PgvhrJQBCE4zDgFC5AnUqhUL_kIXViGYw6Ww8Jidg5PNhkbiYY6NZor0I-EU0ZXHhiNdUYyJMtN3IkF8025589sdTpimtNgtZGho46m6VlnBrf9zqK8BiDTzDPVYH6supfJD1JvAWrGnA4tpZo66sxBW6QTPBZs7rZt_HWlcMWVGDGIxX1ju3cRECoVi-W3FC5cA7ynk6LBvucGnuvZTa4NQ5NV9ciii0jP8jwV8hgdPjAH9cL4pTaiiKfEMABYOsB2DfhlGXRDBQZbt6DdkUwwyalrfIIDSmAb9uojau5qv25taoLJQOIIfGUUU_bPAqhyFgG0mZe6r8oFTtQdrBG9cw7SV_ldD8QP454rwWJtJL-p5MwN7BCFunYOt40216fAuOODOrnkMediS1JsbLBlR26aMuC_ikI8i84qw9NuoMnEz-zf4ydLEOAlojy-KsAbFuLpkKAyLwB8foKtlQT1TK0jwU=?_z=6159539&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=1&pl=https%3A%2F%2Forigin-steam.su.atlaq.com%2F&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&tzofs=0&js_build=3&sw_version=v1.290.0 HTTP/1.1
Host: offshuppetchan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://origin-steam.su.atlaq.com/
Cookie: OAID=b19e1ce4528f41d8a263194f29ab5780
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 26 Aug 2023 09:25:03 GMT
content-type: image/gif
content-length: 43
x-trace-id: 588b36ee7020fa0d66f379929fa76178
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

offerimage.com/www/images/c203639f459b6e675afc744dd5393fc6.jpeg

104.22.32.172

200 OK

11 kB

URL GET HTTP/2
offerimage.com/www/images/c203639f459b6e675afc744dd5393fc6.jpeg
IP
104.22.32.172:443
ASN
#13335 CLOUDFLARENET

Requested by
https://origin-steam.su.atlaq.com/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintDB:4D:42:F8:E2:4C:E3:E4:BB:22:D8:D1:F7:64:B5:9A:10:B6:25:E0
ValiditySun, 07 May 2023 00:00:00 GMT - Mon, 06 May 2024 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 192x192, components 3\012- data
Size
11 kB (10857 bytes)
Hash
c203639f459b6e675afc744dd5393fc6
c83a0142c1a7f6a07c2dd360243197a27f560932
64b4e386658d3f5764261f576a4673eb506fcad5e38e69ef085723f8dab72263

HTTP Headers

GET /www/images/c203639f459b6e675afc744dd5393fc6.jpeg HTTP/1.1
Host: offerimage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 26 Aug 2023 09:25:03 GMT
content-type: image/jpeg
content-length: 10857
cache-control: max-age=86400
cf-bgj: h2pri
etag: "6388849a-2a69"
expires: Sun, 27 Aug 2023 08:23:16 GMT
last-modified: Thu, 01 Dec 2022 10:40:26 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 3707
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7fcb0679dea12e12-ARN
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

472 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
1d3fe3bc196da14f80e4d84494304f01
4b105cd90d0e63966357856976976b787bf1e874
8c5d63654f963ea92506d442b03ca28a6423dbd1c9cb00647d9d1ff8c6c7b633

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 26 Aug 2023 09:25:03 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fonts.googleapis.com/css2?family=Roboto:wght@100;300;400;500;700

142.250.74.106

200 OK

1.3 kB

URL GET HTTP/2
fonts.googleapis.com/css2?family=Roboto:wght@100;300;400;500;700
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://origin-steam.su.atlaq.com/
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint94:C0:54:E4:BA:6C:E0:93:C6:8F:D9:27:1C:74:6F:E8:CE:6E:E2:BA
ValidityMon, 07 Aug 2023 12:21:56 GMT - Mon, 30 Oct 2023 12:21:55 GMT

File type
gzip compressed data, max compression\012- data
Size
1.3 kB (1267 bytes)
Hash
81d7557c0b4cb9269622f71a52b7d451
1d9ae82daa386049050c4b2275527f010d85465b
c2b9f3d156507e406b65c886ba272b739b3e84f3064040b92e2e817bda6c488c

HTTP Headers

GET /css2?family=Roboto:wght@100;300;400;500;700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 26 Aug 2023 09:25:03 GMT
date: Sat, 26 Aug 2023 09:25:03 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

offshuppetchan.com/500/6159539?excludes=16368911&oaid=b19e1ce4528f41d8a263194f29ab5780&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=1&pl=https%3A%2F%2Forigin-steam.su.atlaq.com%2F&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&tzofs=0&js_build=3&sw_version=v1.290.0

139.45.197.243

200 OK

0 B

URL OPTIONS HTTP/2
offshuppetchan.com/500/6159539?excludes=16368911&oaid=b19e1ce4528f41d8a263194f29ab5780&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=1&pl=https%3A%2F%2Forigin-steam.su.atlaq.com%2F&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&tzofs=0&js_build=3&sw_version=v1.290.0
IP
139.45.197.243:443
ASN
#9002 RETN Limited

Requested by
https://origin-steam.su.atlaq.com/
Certificate
IssuerLet's Encrypt
Subjectoffshuppetchan.com
Fingerprint9A:E3:1E:BF:DA:AD:98:88:60:4C:E5:A2:2D:41:E9:73:CF:17:70:00
ValidityTue, 01 Aug 2023 12:34:44 GMT - Mon, 30 Oct 2023 12:34:43 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

OPTIONS /500/6159539?excludes=16368911&oaid=b19e1ce4528f41d8a263194f29ab5780&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=1&pl=https%3A%2F%2Forigin-steam.su.atlaq.com%2F&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&tzofs=0&js_build=3&sw_version=v1.290.0 HTTP/1.1
Host: offshuppetchan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://origin-steam.su.atlaq.com/
Origin: https://origin-steam.su.atlaq.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 26 Aug 2023 09:25:03 GMT
content-length: 0
allow: GET, OPTIONS
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: https://origin-steam.su.atlaq.com
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-allow-credentials: true
access-control-max-age: 600
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

471 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
f29e890a0278a507846c95d06b0f5164
e7b565ff812043605965d418efaf82ce52d10c32
9511accc424c81209b5982c2dc40de8ba53fd7fff32bee2ebf4a6c3dae434463

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 26 Aug 2023 09:25:03 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

471 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
f29e890a0278a507846c95d06b0f5164
e7b565ff812043605965d418efaf82ce52d10c32
9511accc424c81209b5982c2dc40de8ba53fd7fff32bee2ebf4a6c3dae434463

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 26 Aug 2023 09:25:03 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

216.58.207.227

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://origin-steam.su.atlaq.com/
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint1B:14:11:9F:49:14:C3:A3:7C:87:B0:E1:5B:18:75:10:3D:2A:B3:72
ValidityMon, 07 Aug 2023 12:21:56 GMT - Mon, 30 Oct 2023 12:21:55 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Size
16 kB (15744 bytes)
Hash
15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

HTTP Headers

GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://origin-steam.su.atlaq.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 24 Aug 2023 04:50:55 GMT
expires: Fri, 23 Aug 2024 04:50:55 GMT
cache-control: public, max-age=31536000
age: 189248
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

216.58.207.227

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://origin-steam.su.atlaq.com/
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint1B:14:11:9F:49:14:C3:A3:7C:87:B0:E1:5B:18:75:10:3D:2A:B3:72
ValidityMon, 07 Aug 2023 12:21:56 GMT - Mon, 30 Oct 2023 12:21:55 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Size
16 kB (15860 bytes)
Hash
e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

HTTP Headers

GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://origin-steam.su.atlaq.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 25 Aug 2023 10:05:24 GMT
expires: Sat, 24 Aug 2024 10:05:24 GMT
cache-control: public, max-age=31536000
age: 83979
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

471 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
f29e890a0278a507846c95d06b0f5164
e7b565ff812043605965d418efaf82ce52d10c32
9511accc424c81209b5982c2dc40de8ba53fd7fff32bee2ebf4a6c3dae434463

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 26 Aug 2023 09:25:03 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

offerimage.com/www/images/1355aa125a385056845e0ee1d5384e9a.jpeg

104.22.32.172

200 OK

13 kB

URL GET HTTP/2
offerimage.com/www/images/1355aa125a385056845e0ee1d5384e9a.jpeg
IP
104.22.32.172:443
ASN
#13335 CLOUDFLARENET

Requested by
https://origin-steam.su.atlaq.com/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintDB:4D:42:F8:E2:4C:E3:E4:BB:22:D8:D1:F7:64:B5:9A:10:B6:25:E0
ValiditySun, 07 May 2023 00:00:00 GMT - Mon, 06 May 2024 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 192x192, components 3\012- data
Size
13 kB (13093 bytes)
Hash
1355aa125a385056845e0ee1d5384e9a
cfa5fd1b2dd6b299c0aecdf19fec3532ce4392ea
248797fff982ee400ab78ff6831182372f9ef8a6916364192ca0f30556577733

HTTP Headers

GET /www/images/1355aa125a385056845e0ee1d5384e9a.jpeg HTTP/1.1
Host: offerimage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://origin-steam.su.atlaq.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 26 Aug 2023 09:25:03 GMT
content-type: image/jpeg
content-length: 13093
cache-control: max-age=86400
cf-bgj: h2pri
etag: "6388849b-3325"
expires: Sat, 26 Aug 2023 10:40:56 GMT
last-modified: Thu, 01 Dec 2022 10:40:27 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 81847
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7fcb067be8772e12-ARN
X-Firefox-Spdy: h2

offshuppetchan.com/impression/3vNMlfxdWM6gFd3D9JAGpNa-scOZvmfmVq7aPZ_T6bxO10XOKxCjxrh7YFWVZb9AApCkAbtWv7PQXBz0JCzkvhS4MoaV-Ah9G0xnkbGs_o_XHBME0bZzNqWy67fZ4R4ai5wn8XWCUlouTYgZN6lbspcuJs-3KZnKkBRQrkXU9NAhQIqHwSFelAQ2HNovpw3gJ_2uNX9nh0OO1W2o-l7uEj_pok_0ZGReA8Zd4audpaSghlyopd2L43lAl1g4-Ba59wsfrr9X5wdSiMsZbckEd7fo8FLn9wssTdTfAITfeAHXmL1F8d4GphEb1eUdbQqDnH0AE0vqvhB7jcOa79fyv2Vdv0Df1AeSPogvjv6bagejROUoxKMIB3oOPMIJPUB11eJ_SaXFmfibCSP0sN3zEaNSK6-26_CaJ4jadZ8mU0CdhCZZ4s097923xjz89C890u5t7Ahy-plxbcNORPi0FlMn1dKmNns_SGgXpqffCWNkSZiKvcEMZ5_Izkd2DN6tcbisE1H97X5zUF_g9YiA_c4SNiIDzIg6pbG8wbuxXD3GVmK1D1MY4RGGDUCSJZSnOQ4UZdMl152t4y4eUXeC_xZTGN_csiTVrrXFHr4xLgQ=?_z=6159539&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=1&pl=https%3A%2F%2Forigin-steam.su.atlaq.com%2F&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&tzofs=0&js_build=3&sw_version=v1.290.0

139.45.197.243

200 OK

43 B

URL GET HTTP/2
offshuppetchan.com/impression/3vNMlfxdWM6gFd3D9JAGpNa-scOZvmfmVq7aPZ_T6bxO10XOKxCjxrh7YFWVZb9AApCkAbtWv7PQXBz0JCzkvhS4MoaV-Ah9G0xnkbGs_o_XHBME0bZzNqWy67fZ4R4ai5wn8XWCUlouTYgZN6lbspcuJs-3KZnKkBRQrkXU9NAhQIqHwSFelAQ2HNovpw3gJ_2uNX9nh0OO1W2o-l7uEj_pok_0ZGReA8Zd4audpaSghlyopd2L43lAl1g4-Ba59wsfrr9X5wdSiMsZbckEd7fo8FLn9wssTdTfAITfeAHXmL1F8d4GphEb1eUdbQqDnH0AE0vqvhB7jcOa79fyv2Vdv0Df1AeSPogvjv6bagejROUoxKMIB3oOPMIJPUB11eJ_SaXFmfibCSP0sN3zEaNSK6-26_CaJ4jadZ8mU0CdhCZZ4s097923xjz89C890u5t7Ahy-plxbcNORPi0FlMn1dKmNns_SGgXpqffCWNkSZiKvcEMZ5_Izkd2DN6tcbisE1H97X5zUF_g9YiA_c4SNiIDzIg6pbG8wbuxXD3GVmK1D1MY4RGGDUCSJZSnOQ4UZdMl152t4y4eUXeC_xZTGN_csiTVrrXFHr4xLgQ=?_z=6159539&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=1&pl=https%3A%2F%2Forigin-steam.su.atlaq.com%2F&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&tzofs=0&js_build=3&sw_version=v1.290.0
IP
139.45.197.243:443
ASN
#9002 RETN Limited

Requested by
https://origin-steam.su.atlaq.com/
Certificate
IssuerLet's Encrypt
Subjectoffshuppetchan.com
Fingerprint9A:E3:1E:BF:DA:AD:98:88:60:4C:E5:A2:2D:41:E9:73:CF:17:70:00
ValidityTue, 01 Aug 2023 12:34:44 GMT - Mon, 30 Oct 2023 12:34:43 GMT

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /impression/3vNMlfxdWM6gFd3D9JAGpNa-scOZvmfmVq7aPZ_T6bxO10XOKxCjxrh7YFWVZb9AApCkAbtWv7PQXBz0JCzkvhS4MoaV-Ah9G0xnkbGs_o_XHBME0bZzNqWy67fZ4R4ai5wn8XWCUlouTYgZN6lbspcuJs-3KZnKkBRQrkXU9NAhQIqHwSFelAQ2HNovpw3gJ_2uNX9nh0OO1W2o-l7uEj_pok_0ZGReA8Zd4audpaSghlyopd2L43lAl1g4-Ba59wsfrr9X5wdSiMsZbckEd7fo8FLn9wssTdTfAITfeAHXmL1F8d4GphEb1eUdbQqDnH0AE0vqvhB7jcOa79fyv2Vdv0Df1AeSPogvjv6bagejROUoxKMIB3oOPMIJPUB11eJ_SaXFmfibCSP0sN3zEaNSK6-26_CaJ4jadZ8mU0CdhCZZ4s097923xjz89C890u5t7Ahy-plxbcNORPi0FlMn1dKmNns_SGgXpqffCWNkSZiKvcEMZ5_Izkd2DN6tcbisE1H97X5zUF_g9YiA_c4SNiIDzIg6pbG8wbuxXD3GVmK1D1MY4RGGDUCSJZSnOQ4UZdMl152t4y4eUXeC_xZTGN_csiTVrrXFHr4xLgQ=?_z=6159539&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=1&pl=https%3A%2F%2Forigin-steam.su.atlaq.com%2F&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&tzofs=0&js_build=3&sw_version=v1.290.0 HTTP/1.1
Host: offshuppetchan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://origin-steam.su.atlaq.com/
Cookie: OAID=b19e1ce4528f41d8a263194f29ab5780
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 26 Aug 2023 09:25:06 GMT
content-type: image/gif
content-length: 43
x-trace-id: 31fc478164dafb41196e30b6bde34ec4
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

eedsaung.net/1?z=6159540

139.45.197.242

200 OK

42 kB

URL GET HTTP/2
eedsaung.net/1?z=6159540
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://origin-steam.su.atlaq.com/
Certificate
IssuerLet's Encrypt
Subjecteedsaung.net
Fingerprint39:1A:51:39:17:5B:6C:AA:21:3B:A2:96:D4:95:44:AB:8E:75:75:65
ValiditySun, 13 Aug 2023 02:55:57 GMT - Sat, 11 Nov 2023 02:55:56 GMT

File type
ASCII text, with very long lines (41828)
Size
42 kB (41884 bytes)
Hash
9f35b395defd3a687ef7f87bbf6f0061
71149160c36b440980814d708908d21503207948
353a67e70851fff980d2ddcec0936aff4ff7e23f0e447ee14e38e94fa9ea2e11

HTTP Headers

GET /1?z=6159540 HTTP/1.1
Host: eedsaung.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://origin-steam.su.atlaq.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 26 Aug 2023 09:24:58 GMT
content-type: text/javascript
access-control-allow-credentials: true
access-control-allow-origin: 
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID, baggage, sentry-trace
x-trace-id: 7579939c2a6808f431daa33b465342c6
access-control-expose-headers: X-Sc
x-sc: G7Meju3yn5ggTxnvZ91iK0A1bfgXdK0M2l6ue5igNcnGpfGQVoFvi3PwZGsAfcSHHLZ-UkiksKeZyQIy_mq2Ae6e07o=
set-cookie: scm=1; expires=Sun, 25 Aug 2024 09:24:58 GMT; secure; SameSite=None
OAID=33eed3fdfb614369850210052a2327a1; expires=Sun, 25 Aug 2024 09:24:58 GMT; secure; SameSite=None
oaidts=1693041898; expires=Sun, 25 Aug 2024 09:24:58 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2

veepteero.com/?rb=MKf0_s9HqaFtAIZg6erlf7P8fL0hYOUdOi0ByCHeTUF0NRjORbsw3vFhjEZTqyLhhlGmlAkoUJbUU9AQ12JNe6ZXFtEGiAqBkNpsNAp6NH7_yCnq1PufTIYCKqvV1yqWkKUrCatMAJThSxKZ-7EG3YgLsurqFpF4BOHC6FWnxg53fvhAytYh2TA2ALNzAgdeQD71D7lJnaef3zSMeR7lcz0yo0-lfeSxCn4S8c7TijOska7F&request_ab2=150002&zoneid=6159538&js_build=iclick-v1.593.0&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wih=1024&wiw=1280&wfc=0&pl=https%3A%2F%2Forigin-steam.su.atlaq.com%2F&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&wgl=&js_build=iclick-v1.593.0&bs=95072d52-3424-44c2-8df9-a0b8b6c99c8f&userId=b19e1ce4528f41d8a263194f29ab5780&m=link

139.45.197.242

200 OK

2.1 kB

URL GET HTTP/2
veepteero.com/?rb=MKf0_s9HqaFtAIZg6erlf7P8fL0hYOUdOi0ByCHeTUF0NRjORbsw3vFhjEZTqyLhhlGmlAkoUJbUU9AQ12JNe6ZXFtEGiAqBkNpsNAp6NH7_yCnq1PufTIYCKqvV1yqWkKUrCatMAJThSxKZ-7EG3YgLsurqFpF4BOHC6FWnxg53fvhAytYh2TA2ALNzAgdeQD71D7lJnaef3zSMeR7lcz0yo0-lfeSxCn4S8c7TijOska7F&request_ab2=150002&zoneid=6159538&js_build=iclick-v1.593.0&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wih=1024&wiw=1280&wfc=0&pl=https%3A%2F%2Forigin-steam.su.atlaq.com%2F&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&wgl=&js_build=iclick-v1.593.0&bs=95072d52-3424-44c2-8df9-a0b8b6c99c8f&userId=b19e1ce4528f41d8a263194f29ab5780&m=link
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://origin-steam.su.atlaq.com/
Certificate
IssuerLet's Encrypt
Subjectveepteero.com
Fingerprint18:8E:43:6B:DE:B9:D5:C4:32:24:60:6A:7A:AA:F1:EA:EF:54:81:13
ValidityThu, 27 Jul 2023 05:27:19 GMT - Wed, 25 Oct 2023 05:27:18 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (2098), with no line terminators
Size
2.1 kB (2076 bytes)
Hash
06ef657151198ae251e48590852ee707
663312d8f301ac4aedb13755a33aea850e28d9f8
d1e7fbc2589f5ee694cbb544152e6f0791864fb9dcfc14ce9b9056a45f21f06f

HTTP Headers

GET /?rb=MKf0_s9HqaFtAIZg6erlf7P8fL0hYOUdOi0ByCHeTUF0NRjORbsw3vFhjEZTqyLhhlGmlAkoUJbUU9AQ12JNe6ZXFtEGiAqBkNpsNAp6NH7_yCnq1PufTIYCKqvV1yqWkKUrCatMAJThSxKZ-7EG3YgLsurqFpF4BOHC6FWnxg53fvhAytYh2TA2ALNzAgdeQD71D7lJnaef3zSMeR7lcz0yo0-lfeSxCn4S8c7TijOska7F&request_ab2=150002&zoneid=6159538&js_build=iclick-v1.593.0&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wih=1024&wiw=1280&wfc=0&pl=https%3A%2F%2Forigin-steam.su.atlaq.com%2F&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&wgl=&js_build=iclick-v1.593.0&bs=95072d52-3424-44c2-8df9-a0b8b6c99c8f&userId=b19e1ce4528f41d8a263194f29ab5780&m=link HTTP/1.1
Host: veepteero.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://origin-steam.su.atlaq.com/
Origin: https://origin-steam.su.atlaq.com
DNT: 1
Connection: keep-alive
Cookie: OAID=b19e1ce4528f41d8a263194f29ab5780; oaidts=1693041898; syncedCookie=true
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 26 Aug 2023 09:24:58 GMT
content-type: application/json
x-trace-id: 3481eebcda9c22112d4b831e0f0b4635
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-allow-origin: https://origin-steam.su.atlaq.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=b19e1ce4528f41d8a263194f29ab5780; expires=Sun, 25 Aug 2024 09:24:58 GMT; path=/; secure; SameSite=None
oaidts=1693041898; expires=Sun, 25 Aug 2024 09:24:58 GMT; path=/; secure; SameSite=None
syncedCookie=true; expires=Sat, 02 Sep 2023 09:24:58 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

atlaq.com/style.css

104.21.64.58

200 OK

49 kB

URL GET HTTP/3
atlaq.com/style.css
IP
104.21.64.58:443
ASN
#13335 CLOUDFLARENET

Requested by
https://origin-steam.su.atlaq.com/
Certificate
IssuerCloudflare, Inc.
Subjectatlaq.com
FingerprintE5:D5:36:95:0B:CC:BE:A5:14:34:09:36:2E:4B:F0:D3:17:3E:5D:E9
ValidityFri, 25 Aug 2023 00:00:00 GMT - Sat, 24 Aug 2024 23:59:59 GMT

File type
ASCII text, with very long lines (49091), with no line terminators
Size
49 kB (49091 bytes)
Hash
1dc4998a41131ac5df41ae820c7f583c
227aa907d96a66d38f5073700d2d8c5e1262187c
1f807cd9d5d8475f4ec107c17a62318927277940eb8bfe1d386ec97ad4cb9f57

HTTP Headers

GET /style.css HTTP/1.1
Host: atlaq.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://origin-steam.su.atlaq.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 26 Aug 2023 09:24:57 GMT
content-type: text/css; charset=UTF-8
cache-control: public, max-age=31536000
cf-bgj: minify
alt-svc: h3=":443"; ma=86400
expires: Sat, 09 Sep 2023 13:28:22 GMT
last-modified: Tue, 25 Oct 2022 04:42:27 GMT
strict-transport-security: max-age=31536000;includeSubDomains
vary: Accept-Encoding,User-Agent,Origin
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-turbo-charged-by: LiteSpeed
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 1367795
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ELibkA1xKQY3CdDl53motRRSfIELNlB4FpqNil5vFEzm8LGeMKT7SGLG9BeCwDr%2F3aw53Oq4%2BLADHMP1AC3Ckty6B%2BLo%2FBY2sPJPV%2FBM7NPuqr3SnUJFqmKzBDA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7fcb06547f211c0e-OSL
content-encoding: br

region1.analytics.google.com/g/collect?v=2&tid=G-FPZ0VEL1WQ&gtm=45je38n0&_p=998857451&_gaz=1&cid=762720776.1693041889&ul=en-us&sr=1280x1024&_eu=AAAI&_s=1&sid=1693041889&sct=1&seg=0&dl=https%3A%2F%2Forigin-steam.su.atlaq.com%2F&dt=Origin-Steam.su%20-%20%D0%98%D0%BD%D1%82%D0%B5%D1%80%D0%BD%D0%B5%D1%82-%D0%BC%D0%B0%D0%B3%D0%B0%D0%B7%D0%B8%D0%BD%20%D0%BB%D0%B8%D1%86%D0%B5%D0%BD%D0%B7%D0%B8%D0%BE%D0%BD%D0%BD%D1%8B%D1%85%20%D0%BA%D0%BB%D1%8E%D1%87%D0%B5%D0%B9%20%D0%B8%20%D0%B0%D0%BA%D0%BA%D0%B0%D1%83%D0%BD%D1%82%D0%BE%D0%B2%20%D0%B4%D0%BB%D1%8F%20STEAM%2C%20Origin%2C%20Epic%20Games%2C%20Battle.net%2C%20Uplay%2C%20Minecraft%20%D0%B8%20%D0%B4%D1%80%D1%83%D0%B3%D0%B8%D1%85%20%D0%BF%D0%BB%D0%B0%D1%82%D1%84%D0%BE%D1%80%D0%BC.&en=page_view&_fv=1&_nsi=1&_ss=1

216.239.34.36

204 No Content

0 B

URL POST HTTP/2
region1.analytics.google.com/g/collect?v=2&tid=G-FPZ0VEL1WQ&gtm=45je38n0&_p=998857451&_gaz=1&cid=762720776.1693041889&ul=en-us&sr=1280x1024&_eu=AAAI&_s=1&sid=1693041889&sct=1&seg=0&dl=https%3A%2F%2Forigin-steam.su.atlaq.com%2F&dt=Origin-Steam.su%20-%20%D0%98%D0%BD%D1%82%D0%B5%D1%80%D0%BD%D0%B5%D1%82-%D0%BC%D0%B0%D0%B3%D0%B0%D0%B7%D0%B8%D0%BD%20%D0%BB%D0%B8%D1%86%D0%B5%D0%BD%D0%B7%D0%B8%D0%BE%D0%BD%D0%BD%D1%8B%D1%85%20%D0%BA%D0%BB%D1%8E%D1%87%D0%B5%D0%B9%20%D0%B8%20%D0%B0%D0%BA%D0%BA%D0%B0%D1%83%D0%BD%D1%82%D0%BE%D0%B2%20%D0%B4%D0%BB%D1%8F%20STEAM%2C%20Origin%2C%20Epic%20Games%2C%20Battle.net%2C%20Uplay%2C%20Minecraft%20%D0%B8%20%D0%B4%D1%80%D1%83%D0%B3%D0%B8%D1%85%20%D0%BF%D0%BB%D0%B0%D1%82%D1%84%D0%BE%D1%80%D0%BC.&en=page_view&_fv=1&_nsi=1&_ss=1
IP
216.239.34.36:443
ASN
#15169 GOOGLE

Requested by
https://origin-steam.su.atlaq.com/
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint4E:35:EC:AC:A4:3A:09:F9:F3:9A:26:43:94:A7:BA:2C:01:54:DA:12
ValidityMon, 07 Aug 2023 12:16:40 GMT - Mon, 30 Oct 2023 12:16:39 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /g/collect?v=2&tid=G-FPZ0VEL1WQ&gtm=45je38n0&_p=998857451&_gaz=1&cid=762720776.1693041889&ul=en-us&sr=1280x1024&_eu=AAAI&_s=1&sid=1693041889&sct=1&seg=0&dl=https%3A%2F%2Forigin-steam.su.atlaq.com%2F&dt=Origin-Steam.su%20-%20%D0%98%D0%BD%D1%82%D0%B5%D1%80%D0%BD%D0%B5%D1%82-%D0%BC%D0%B0%D0%B3%D0%B0%D0%B7%D0%B8%D0%BD%20%D0%BB%D0%B8%D1%86%D0%B5%D0%BD%D0%B7%D0%B8%D0%BE%D0%BD%D0%BD%D1%8B%D1%85%20%D0%BA%D0%BB%D1%8E%D1%87%D0%B5%D0%B9%20%D0%B8%20%D0%B0%D0%BA%D0%BA%D0%B0%D1%83%D0%BD%D1%82%D0%BE%D0%B2%20%D0%B4%D0%BB%D1%8F%20STEAM%2C%20Origin%2C%20Epic%20Games%2C%20Battle.net%2C%20Uplay%2C%20Minecraft%20%D0%B8%20%D0%B4%D1%80%D1%83%D0%B3%D0%B8%D1%85%20%D0%BF%D0%BB%D0%B0%D1%82%D1%84%D0%BE%D1%80%D0%BC.&en=page_view&_fv=1&_nsi=1&_ss=1 HTTP/1.1
Host: region1.analytics.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://origin-steam.su.atlaq.com
DNT: 1
Connection: keep-alive
Referer: https://origin-steam.su.atlaq.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0

HTTP/2 204 No Content
access-control-allow-origin: https://origin-steam.su.atlaq.com
date: Sat, 26 Aug 2023 09:24:58 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ossmightyenar.net/401/6159541

139.45.197.245

200 OK

91 kB

URL GET HTTP/2
ossmightyenar.net/401/6159541
IP
139.45.197.245:443
ASN
#9002 RETN Limited

Requested by
https://origin-steam.su.atlaq.com/
Certificate
IssuerLet's Encrypt
Subjectossmightyenar.net
Fingerprint89:EC:F1:57:D9:26:12:A9:CC:05:D3:1E:4E:79:2D:F3:D1:18:10:7D
ValidityThu, 22 Jun 2023 14:45:58 GMT - Wed, 20 Sep 2023 14:45:57 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
91 kB (90657 bytes)
Hash
77be623beeff232d99ca4fc7a39b9691
3cf8bb8549b92dc0f25e46306d6809d3da8939c5
9f6c7b16eb82aceda460a7abfe326c374563dc0545811cd391cde26ae2220f70

HTTP Headers

GET /401/6159541 HTTP/1.1
Host: ossmightyenar.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://origin-steam.su.atlaq.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 26 Aug 2023 09:24:58 GMT
content-type: application/javascript
x-trace-id: a63199eb796105a4f5430e240e9689bd
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
set-cookie: OAID=cc06cee010fe489abb4004089de04ef3; expires=Sun, 25 Aug 2024 09:24:58 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-FPZ0VEL1WQ&cid=762720776.1693041889&gtm=45je38n0&aip=1&z=323616911

142.250.74.163

200 OK

42 B

URL GET HTTP/2
www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-FPZ0VEL1WQ&cid=762720776.1693041889&gtm=45je38n0&aip=1&z=323616911
IP
142.250.74.163:443
ASN
#15169 GOOGLE

Requested by
https://origin-steam.su.atlaq.com/
Certificate
IssuerGoogle Trust Services LLC
Subject*.google.no
Fingerprint8A:30:93:B0:68:79:39:92:0E:45:81:07:28:61:81:CD:74:6E:46:1D
ValidityMon, 07 Aug 2023 12:24:35 GMT - Mon, 30 Oct 2023 12:24:34 GMT

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-FPZ0VEL1WQ&cid=762720776.1693041889&gtm=45je38n0&aip=1&z=323616911 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://origin-steam.su.atlaq.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sat, 26 Aug 2023 09:24:59 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

longcheer.com/favicon.ico

0.0.0.0

0 B

URL GET
longcheer.com/favicon.ico
IP
0.0.0.0:0
ASN
#0

Requested by
https://origin-steam.su.atlaq.com/

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: longcheer.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

ibrapush.com/pfe/current/tag.min.js?z=6159542

139.45.197.250

200 OK

13 kB

URL GET HTTP/2
ibrapush.com/pfe/current/tag.min.js?z=6159542
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://origin-steam.su.atlaq.com/
Certificate
IssuerLet's Encrypt
Subjectibrapush.com
Fingerprint95:01:CF:2E:40:B2:C2:03:4A:2C:93:C9:7E:2F:8D:85:D2:37:71:29
ValidityWed, 07 Jun 2023 04:50:57 GMT - Tue, 05 Sep 2023 04:50:56 GMT

File type
C source, ASCII text, with very long lines (13230), with no line terminators
Size
13 kB (13230 bytes)
Hash
cd01f2b7da7996709957b31c108ef9b8
3f48286f19a3416452c726e7b04524cb1b865ffb
269d0eea1e138083cfde292d58bfdc07160d075c31e381913db9c473d6751db4

HTTP Headers

GET /pfe/current/tag.min.js?z=6159542 HTTP/1.1
Host: ibrapush.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://origin-steam.su.atlaq.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 26 Aug 2023 09:24:58 GMT
content-type: application/javascript
last-modified: Wed, 23 Aug 2023 12:45:57 GMT
etag: W/"64e5ff85-33ae"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
link: <https://my.rtmark.net>; rel=dns-prefetch;, <https://my.rtmark.net>; rel=preconnect
content-encoding: gzip
X-Firefox-Spdy: h2

tzegilo.com/stattag.js

172.67.207.224

200 OK

18 kB

URL GET HTTP/2
tzegilo.com/stattag.js
IP
172.67.207.224:443
ASN
#13335 CLOUDFLARENET

Requested by
https://origin-steam.su.atlaq.com/
Certificate
IssuerGoogle Trust Services LLC
Subjecttzegilo.com
Fingerprint42:15:A6:1F:C2:2C:D5:FF:32:2C:B9:6C:84:A6:86:63:B0:45:C5:20
ValidityMon, 07 Aug 2023 17:09:01 GMT - Sun, 05 Nov 2023 17:09:00 GMT

File type
ASCII text, with very long lines (17479), with no line terminators
Size
18 kB (17479 bytes)
Hash
dd2f9f2bb1e1c74b905556d0a7bc5545
0c831c8c56da8167b9e2dfd1d3eb3288348da85d
63f957dde1ae04a83eaff7e442e693725562c4aa1062bc072b7509640ec4f663

HTTP Headers

GET /stattag.js HTTP/1.1
Host: tzegilo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://origin-steam.su.atlaq.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 26 Aug 2023 09:24:58 GMT
content-type: application/javascript
last-modified: Fri, 19 May 2023 08:43:59 GMT
etag: W/"646736cf-4447"
link: <https://flerap.com/>; rel=preconnect; crossorigin, <https://fleraprt.com/>; rel=preconnect; crossorigin
cache-control: max-age=14400
cf-cache-status: HIT
age: 2958
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oltVuEncAApRlkggLhIwK0duHksr0wPv%2FQiecKBmnsYqHVqhOmP462Uz%2BhzHir7yXRN4qjN2PpCcu5n0xc%2F6J%2FyCXdGsBRiYJsBaFQ%2BSIt%2BagNQ7EzuPLQ7iG4V%2FBg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7fcb06596df9b4ed-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

pa18.com/favicon.ico

0.0.0.0

0 B

URL GET
pa18.com/favicon.ico
IP
0.0.0.0:0
ASN
#0

Requested by
https://origin-steam.su.atlaq.com/

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: pa18.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

eedsaung.net/27/17de61080ae6c4070bb3e0689b73465f

139.45.197.242

200 OK

412 kB

URL GET HTTP/2
eedsaung.net/27/17de61080ae6c4070bb3e0689b73465f
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://origin-steam.su.atlaq.com/
Certificate
IssuerLet's Encrypt
Subjecteedsaung.net
Fingerprint39:1A:51:39:17:5B:6C:AA:21:3B:A2:96:D4:95:44:AB:8E:75:75:65
ValiditySun, 13 Aug 2023 02:55:57 GMT - Sat, 11 Nov 2023 02:55:56 GMT

File type
ASCII text, with very long lines (65523)
Size
412 kB (412402 bytes)
Hash
b23ef9e3b161391286cf4b25e3d8caf1
ecdf456dadfc78865fa79035c638986d56f115c1
0a5b76c2c4870d1a9c047ccf65a824ccc977b49eab02cd0f405bb937ea3d1ff7

HTTP Headers

GET /27/17de61080ae6c4070bb3e0689b73465f HTTP/1.1
Host: eedsaung.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://origin-steam.su.atlaq.com/
Cookie: scm=1; OAID=b19e1ce4528f41d8a263194f29ab5780; oaidts=1693041898
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 26 Aug 2023 09:24:58 GMT
content-type: application/javascript
access-control-allow-credentials: true
access-control-allow-origin: 
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID, baggage, sentry-trace
x-trace-id: 4094b359d8e7170fa2fc7f34967c0c40
cache-control: max-age:290304000, public
last-modified: Fri, 25 Aug 2023 06:36:53 GMT
expires: Fri, 24 Sep 2083 06:36:53 GMT
access-control-expose-headers: X-Sc
strict-transport-security: max-age=1
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2

offshuppetchan.com/400/6159539

139.45.197.243

200 OK

81 kB

URL GET HTTP/2
offshuppetchan.com/400/6159539
IP
139.45.197.243:443
ASN
#9002 RETN Limited

Requested by
https://origin-steam.su.atlaq.com/
Certificate
IssuerLet's Encrypt
Subjectoffshuppetchan.com
Fingerprint9A:E3:1E:BF:DA:AD:98:88:60:4C:E5:A2:2D:41:E9:73:CF:17:70:00
ValidityTue, 01 Aug 2023 12:34:44 GMT - Mon, 30 Oct 2023 12:34:43 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
81 kB (81001 bytes)
Hash
cf51f7e332719c1f8ab1b70bb4548612
240205e3ef88b2463950b7f2b52c96d5edfb02b3
e328bd48dc405d31674629a918e7cfa589ba91f38bf8d101e059c42c65e785c0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /400/6159539 HTTP/1.1
Host: offshuppetchan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://origin-steam.su.atlaq.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 26 Aug 2023 09:24:58 GMT
content-type: application/javascript
x-trace-id: ce47109b97255657f23218abae24264b
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
set-cookie: OAID=e2ce10a0d4c94691b96a9d00347bd87a; expires=Sun, 25 Aug 2024 09:24:58 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

traffic.alexa.com/graph?w=260&h=190&o=f&c=1&y=t&b=f5f5f5&n=666666&r=2y&u=origin-steam.su

0.0.0.0

0 B

URL GET
traffic.alexa.com/graph?w=260&h=190&o=f&c=1&y=t&b=f5f5f5&n=666666&r=2y&u=origin-steam.su
IP
0.0.0.0:0
ASN
#0

Requested by
https://origin-steam.su.atlaq.com/

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /graph?w=260&h=190&o=f&c=1&y=t&b=f5f5f5&n=666666&r=2y&u=origin-steam.su HTTP/1.1
Host: traffic.alexa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://origin-steam.su.atlaq.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

rmlt.com.cn/favicon.ico

0.0.0.0

0 B

URL GET
rmlt.com.cn/favicon.ico
IP
0.0.0.0:0
ASN
#0

Requested by
https://origin-steam.su.atlaq.com/

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: rmlt.com.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

veepteero.com/5/6159538/?abt_opts=1&js_build=iclick-v1.593.0&userId=b19e1ce4528f41d8a263194f29ab5780

139.45.197.242

200 OK

2.8 kB

URL GET HTTP/2
veepteero.com/5/6159538/?abt_opts=1&js_build=iclick-v1.593.0&userId=b19e1ce4528f41d8a263194f29ab5780
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://origin-steam.su.atlaq.com/
Certificate
IssuerLet's Encrypt
Subjectveepteero.com
Fingerprint18:8E:43:6B:DE:B9:D5:C4:32:24:60:6A:7A:AA:F1:EA:EF:54:81:13
ValidityThu, 27 Jul 2023 05:27:19 GMT - Wed, 25 Oct 2023 05:27:18 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (3021), with no line terminators
Size
2.8 kB (2781 bytes)
Hash
eaf3392d7c8831878f59739cf730d48c
e9c1f6b1b7ba0de287f9729a66605c6b2f10e357
935477bf8e9d3e3da3f27c13860da901e302ba2553d4e0a93dd9d1b340d8bbc3

HTTP Headers

GET /5/6159538/?abt_opts=1&js_build=iclick-v1.593.0&userId=b19e1ce4528f41d8a263194f29ab5780 HTTP/1.1
Host: veepteero.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://origin-steam.su.atlaq.com
DNT: 1
Connection: keep-alive
Referer: https://origin-steam.su.atlaq.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 26 Aug 2023 09:24:58 GMT
content-type: application/json
x-trace-id: 093589a82c2caabd7cbf8f0e6314ce0c
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://me9qgidaa.com>; rel="preconnect dns-prefetch"
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-allow-origin: https://origin-steam.su.atlaq.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=b19e1ce4528f41d8a263194f29ab5780; expires=Sun, 25 Aug 2024 09:24:58 GMT; path=/; secure; SameSite=None
oaidts=1693041898; expires=Sun, 25 Aug 2024 09:24:58 GMT; path=/; secure; SameSite=None
syncedCookie=true; expires=Sat, 02 Sep 2023 09:24:58 GMT; path=/; secure; SameSite=None
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2

traffic.alexa.com/graph?w=260&h=190&o=f&c=1&y=q&b=f5f5f5&n=666666&r=2y&u=origin-steam.su

0.0.0.0

0 B

URL GET
traffic.alexa.com/graph?w=260&h=190&o=f&c=1&y=q&b=f5f5f5&n=666666&r=2y&u=origin-steam.su
IP
0.0.0.0:0
ASN
#0

Requested by
https://origin-steam.su.atlaq.com/

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /graph?w=260&h=190&o=f&c=1&y=q&b=f5f5f5&n=666666&r=2y&u=origin-steam.su HTTP/1.1
Host: traffic.alexa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://origin-steam.su.atlaq.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

origin-steam.su.atlaq.com/

104.21.64.58

200 OK

53 kB

URL User Request GET HTTP/2
origin-steam.su.atlaq.com/
IP
104.21.64.58:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerCloudflare, Inc.
Subjectatlaq.com
FingerprintE5:D5:36:95:0B:CC:BE:A5:14:34:09:36:2E:4B:F0:D3:17:3E:5D:E9
ValidityFri, 25 Aug 2023 00:00:00 GMT - Sat, 24 Aug 2024 23:59:59 GMT

File type

Size
53 kB (52891 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: origin-steam.su.atlaq.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 26 Aug 2023 09:24:57 GMT
content-type: text/html; charset=UTF-8
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Authorization, Accept
access-control-allow-methods: POST, GET, OPTIONS, DELETE, PUT
access-control-expose-headers: Content-Disposition
cache-control: public, max-age=2592000
cf-railgun: direct (starting new WAN connection)
expires: Mon, 25 Sep 2023 09:24:51 GMT
strict-transport-security: max-age=31536000;includeSubDomains
vary: Accept-Encoding,User-Agent,Origin
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-litespeed-cache: hit
x-turbo-charged-by: LiteSpeed
x-xss-protection: 1; mode=block
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jqEdHNJ7yPB0NyAuI9Ivm%2FPSdkae0J7n1yy2ZKnBKMt14RV%2Bm08m8cHU6BuzmTGg52pekNsPIbhStWtDveKvzk%2BNBxRiI2G69qlviuhYjTRFDkqtVBLgijKY44K2Jgv4DAjB0c5InRr8oD2J"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7fcb064eef21b50c-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

ibrapush.com/pfe/current/universal.min.js?v=3.1.453

139.45.197.250

200 OK

88 kB

URL GET HTTP/2
ibrapush.com/pfe/current/universal.min.js?v=3.1.453
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://origin-steam.su.atlaq.com/
Certificate
IssuerLet's Encrypt
Subjectibrapush.com
Fingerprint95:01:CF:2E:40:B2:C2:03:4A:2C:93:C9:7E:2F:8D:85:D2:37:71:29
ValidityWed, 07 Jun 2023 04:50:57 GMT - Tue, 05 Sep 2023 04:50:56 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
88 kB (87463 bytes)
Hash
00733ae1c66905901e4158441dc1814e
a52b10de1db854988efec5e04d91e161b4d13d86
01ae7e39d77f7a086c60b8c4d6845c4d752717e31efe2afb538d024dd760c26c

HTTP Headers

GET /pfe/current/universal.min.js?v=3.1.453 HTTP/1.1
Host: ibrapush.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://origin-steam.su.atlaq.com/
Origin: https://origin-steam.su.atlaq.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 26 Aug 2023 09:24:58 GMT
content-type: application/javascript
last-modified: Wed, 23 Aug 2023 12:45:57 GMT
etag: W/"64e5ff85-155a7"
access-control-allow-origin: https://origin-steam.su.atlaq.com
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (17)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash