steambirthday.ru Open in urlscan Pro
185.106.93.161 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://steambirthday.ru/
Submission Tags: https://phish.report @phish_report Search All
Submission: On July 28 via api (July 28th 2023, 4:25:34 pm UTC) from FI — Scanned from FI

Summary HTTP 15 Redirects Behaviour Indicators

Summary

This website contacted 5 IPs in 4 countries across 5 domains to perform 15 HTTP transactions. The main IP is 185.106.93.161, located in Moscow Oblast, Russian Federation and belongs to GALAXY-AS, RU. The main domain is steambirthday.ru.
TLS certificate: Issued by R3 on July 14th 2023. Valid for: 3 months.

This is the only time steambirthday.ru was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Steam (Gaming)

Domain & IP information

	IP Address	AS Autonomous System
6	185.106.93.161 185.106.93.161	211409 (GALAXY-AS) (GALAXY-AS)
2	2606:4700::68... 2606:4700::6810:5514	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:800::200a	15169 (GOOGLE) (GOOGLE)
4	104.18.28.2 104.18.28.2	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:828::2003	15169 (GOOGLE) (GOOGLE)
15	5

6 185.106.93.161 (Moscow Oblast, Russian Federation)

ASN211409 (GALAXY-AS, RU)

steambirthday.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6810:5514 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:800::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 104.18.28.2 (None, )

ASN13335 (CLOUDFLARENET, US)

store.cloudflare.steamstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:828::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
6	steambirthday.ru steambirthday.ru	45 KB
4	steamstatic.com store.cloudflare.steamstatic.com — Cisco Umbrella Rank: 23744	495 KB
2	gstatic.com fonts.gstatic.com	74 KB
2	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 372	48 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 79	2 KB
15	5

	Domain	Requested by
6	steambirthday.ru	steambirthday.ru
4	store.cloudflare.steamstatic.com	steambirthday.ru
2	fonts.gstatic.com	fonts.googleapis.com
2	cdn.jsdelivr.net	steambirthday.ru
1	fonts.googleapis.com	steambirthday.ru
15	5

This site contains no links.

Subject Issuer	Validity	Valid
steambirthday.ru R3	`2023-07-14` - `2023-10-12`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-05-02` - `2024-05-01`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2023-07-10` - `2023-10-02`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-07-10` - `2023-10-02`	3 months	crt.sh

This page contains 2 frames:

Primary Page: https://steambirthday.ru/
Frame ID: DA55AD453C2B265952FCE1C4AF1ABC3F
Requests: 7 HTTP requests in this frame

Frame: https://steambirthday.ru/6ulug6zmdgf/
Frame ID: D0EDECBA0A6F2E93EA090CFA17C0F93F
Requests: 8 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Steam Birthday

Detected technologies

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

//cdn\.jsdelivr\.net/

Page Statistics

15
Requests

100 %
HTTPS

60 %
IPv6

5
Domains

5
Subdomains

5
IPs

4
Countries

664 kB
Transfer

830 kB
Size

2
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

15 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
steambirthday.ru/ 4 KB
2 KB 548ms
78ms Document
text/html 185.106.93.161
GALAXY-AS

General

Check archive.org

Download Go to

Full URL: https://steambirthday.ru/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 185.106.93.161 Moscow Oblast, Russian Federation, ASN211409 (GALAXY-AS, RU),
Reverse DNS
Software: /
Resource Hash: dc36a7c91e7800b228aeaa06f4ea1c46da8bac47077955eaac2173d6d2559c46

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
accept-language: fi-FI,fi;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000
content-encoding: gzip
content-type: text/html
date: Fri, 28 Jul 2023 16:25:29 GMT

GET
H2 200 react.production.min.js Show response
cdn.jsdelivr.net/npm/react@18.2.0/umd/ 10 KB
5 KB 139ms
45ms Script
application/javascript 2606:4700::6810:5514
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://cdn.jsdelivr.net/npm/react@18.2.0/umd/react.production.min.js

Requested by

Host: steambirthday.ru
URL: https://steambirthday.ru/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5514 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4b4969fa4ef3594324da2c6d78ce8766fbbc2fd121fff395aedf997db0a99a06

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://steambirthday.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Fri, 28 Jul 2023 16:25:30 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 2072870
x-jsd-version: 18.2.0
content-encoding: br
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-served-by: cache-fra-eddf8230087-FRA, cache-jnb7021-JNB
x-jsd-version-type: version
server: cloudflare
etag: W/"29f1-mAiaM9DPL6Sz4bqbfuubi6Csgqc"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iNYPP3gZocD7pBaZRsQ1q9Zk0IFRSl9Pu%2BHJ%2Bwj43Yn1sQdGsqXcJVlsx%2BYSeXjA9xNCncBJnUgQPY6mgvIpye4r2%2BHBXinuZzKQIfhy4GKFSbsnFHJASGXjm6VL%2FWQZgUObSRF6162FNWIgJYI%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin: *
cf-ray: 7ede7a7ad83ad92e-HEL

GET
H2 200 react-dom.production.min.js Show response
cdn.jsdelivr.net/npm/react-dom@18.2.0/umd/ 129 KB
43 KB 145ms
51ms Script
application/javascript 2606:4700::6810:5514
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://cdn.jsdelivr.net/npm/react-dom@18.2.0/umd/react-dom.production.min.js

Requested by

Host: steambirthday.ru
URL: https://steambirthday.ru/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5514 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

21758ed084cd0e37e735722ee4f3957ea960628a29dfa6c3ce1a1d47a2d6e4f7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://steambirthday.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Fri, 28 Jul 2023 16:25:30 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 2072870
x-jsd-version: 18.2.0
content-encoding: br
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-served-by: cache-fra-eddf8230095-FRA, cache-jnb7021-JNB
x-jsd-version-type: version
server: cloudflare
etag: W/"2032a-UG2RAMqgcABaiQvUlt5kxDfW0Ag"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MTFiHtDqTvrC2KICXQbn3imf2LrY5S%2Byd1YScVNKfuw7JpygB5Mwxo9wJ47uPh9zJJ4E%2Fj4S7FbF1kW7d0YZVkdNlsKaqntbSkCCysX4tHziphqjK2CPJDXlxfy3td%2BPgvjgrzY23uHVYfT1pfE%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin: *
cf-ray: 7ede7a7ad840d92e-HEL

GET
H2 200 n9kteoznwd.min.js Show response
steambirthday.ru/assets/8xi72y8g95h/ 20 KB
10 KB 79ms
78ms Script
application/javascript 185.106.93.161
GALAXY-AS

General

Check archive.org

Download Go to

Full URL: https://steambirthday.ru/assets/8xi72y8g95h/n9kteoznwd.min.js
Requested by: Host: steambirthday.ru
URL: https://steambirthday.ru/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 185.106.93.161 Moscow Oblast, Russian Federation, ASN211409 (GALAXY-AS, RU),
Reverse DNS
Software: /
Resource Hash: 403b3c10fd640ef62f4765a7bc4bcc4b69f5674f5d1e0bdb8925c5c604699ba3

Request headers

Referer: https://steambirthday.ru/
Origin: https://steambirthday.ru
accept-language: fi-FI,fi;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Fri, 28 Jul 2023 16:25:29 GMT
content-encoding: gzip
last-modified: Fri, 28 Jul 2023 16:20:18 GMT
alt-svc: h3=":443"; ma=2592000
etag: W/"64c3eac2-502a"
content-type: application/javascript

GET
H2 200 7596aeaciwdyj5p886p.css
steambirthday.ru/assets/xel4rc649x/ 5 KB
2 KB 77ms
77ms Stylesheet
text/css 185.106.93.161
GALAXY-AS

General

Check archive.org

Download Go to

Full URL: https://steambirthday.ru/assets/xel4rc649x/7596aeaciwdyj5p886p.css
Requested by: Host: steambirthday.ru
URL: https://steambirthday.ru/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 185.106.93.161 Moscow Oblast, Russian Federation, ASN211409 (GALAXY-AS, RU),
Reverse DNS
Software: /
Resource Hash: 7596aeac338b2f8e9568d0cbd1bbda1d411e9a2e9c48936f1c1b4c9ca9af459e

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://steambirthday.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Fri, 28 Jul 2023 16:25:29 GMT
content-encoding: gzip
last-modified: Fri, 28 Jul 2023 16:20:18 GMT
alt-svc: h3=":443"; ma=2592000
etag: W/"64c3eac2-1387"
content-type: text/css

POST
H2 200 / Show response
steambirthday.ru/6ulug6zmdgf/ Frame D0ED 6 KB
2 KB 147ms
147ms Document
text/html 185.106.93.161
GALAXY-AS

General

Check archive.org

Download Go to

Full URL: https://steambirthday.ru/6ulug6zmdgf/
Requested by: Host: steambirthday.ru
URL: https://steambirthday.ru/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 185.106.93.161 Moscow Oblast, Russian Federation, ASN211409 (GALAXY-AS, RU),
Reverse DNS
Software: /
Resource Hash: f98a071711f5dad9587475c011ec255b370bc22406197d536ce61577863d1481

Request headers

Content-Type: application/x-www-form-urlencoded
Origin: https://steambirthday.ru
Referer: https://steambirthday.ru/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
accept-language: fi-FI,fi;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000
content-encoding: gzip
content-type: text/html
date: Fri, 28 Jul 2023 16:25:30 GMT

POST
H2 200 / Show response
steambirthday.ru/api/getsiteconfig/ 678 B
527 B 148ms
147ms Fetch
application/json 185.106.93.161
GALAXY-AS

General

Check archive.org

Download Go to

Full URL: https://steambirthday.ru/api/getsiteconfig/
Requested by: Host: steambirthday.ru
URL: https://steambirthday.ru/assets/8xi72y8g95h/n9kteoznwd.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 185.106.93.161 Moscow Oblast, Russian Federation, ASN211409 (GALAXY-AS, RU),
Reverse DNS
Software: /
Resource Hash: f7a5a9c27596a239d68bf106e80be596ae6ecf3676646daa2c50f4dec7770e80

Request headers

Referer: https://steambirthday.ru/
accept-language: fi-FI,fi;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
Content-Type: application/json;charset=utf-8

Response headers

date: Fri, 28 Jul 2023 16:25:30 GMT
content-encoding: gzip
alt-svc: h3=":443"; ma=2592000
content-type: application/json; charset=utf-8

GET
H2 200 fcff4301iwdyj5p886p.woff2
steambirthday.ru/assets/xel4rc649x/ 28 KB
29 KB 76ms
76ms Font
font/woff2 185.106.93.161
GALAXY-AS

General

Check archive.org

Download Go to

Full URL: https://steambirthday.ru/assets/xel4rc649x/fcff4301iwdyj5p886p.woff2
Requested by: Host: steambirthday.ru
URL: https://steambirthday.ru/assets/xel4rc649x/7596aeaciwdyj5p886p.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 185.106.93.161 Moscow Oblast, Russian Federation, ASN211409 (GALAXY-AS, RU),
Reverse DNS
Software: /
Resource Hash: fcff4301dc083af2be2b990bb6485e9e06ce9d2b373a7acf8a74f61ea69d861a

Request headers

Referer: https://steambirthday.ru/assets/xel4rc649x/7596aeaciwdyj5p886p.css
Origin: https://steambirthday.ru
accept-language: fi-FI,fi;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Fri, 28 Jul 2023 16:25:30 GMT
last-modified: Fri, 28 Jul 2023 16:20:18 GMT
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000
etag: "64c3eac2-71b0"
content-length: 29104
content-type: font/woff2

GET
H2 200 css
fonts.googleapis.com/ Frame D0ED 57 KB
2 KB 216ms
79ms Stylesheet
text/css 2a00:1450:4001:800::200a
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:100,100i,300,300i,400,400i,500,500i,700,700i,900,900i|Open+Sans:300,300i,400,400i,500,500i,600,600i,700,700i,800,800i

Requested by

Host: steambirthday.ru
URL: https://steambirthday.ru/6ulug6zmdgf/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

529bfa0862dd286b64d87ac5b933e50b2351a96743a2697671afd147454fdaf8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://steambirthday.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Fri, 28 Jul 2023 16:25:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Fri, 28 Jul 2023 16:22:45 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 28 Jul 2023 16:25:30 GMT

GET
H2 200 logo_steam.svg
store.cloudflare.steamstatic.com/public/shared/images/header/ Frame D0ED 4 KB
2 KB 140ms
45ms Image
image/svg+xml 104.18.28.2
CLOUDFLARENET

General

Check archive.org

Download Go to Show image

Full URL: https://store.cloudflare.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
Requested by: Host: steambirthday.ru
URL: https://steambirthday.ru/6ulug6zmdgf/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.28.2 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c3a7c646a1305017f22423030cb5a12acc9f96b64013dcef7aeb80567b542cbb

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://steambirthday.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Fri, 28 Jul 2023 16:25:30 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Wed, 28 Jun 2023 04:07:11 GMT
server: cloudflare
age: 5690
etag: W/"649bb1ef-e64"
vary: Accept-Encoding
x-cache: MISS
content-type: image/svg+xml
access-control-allow-origin: *
cf-ray: 7ede7a7d38279908-ARN

GET
H2 200 steamcards_cards_02.png
store.cloudflare.steamstatic.com/public/images/gift/ Frame D0ED 487 KB
488 KB 138ms
47ms Image
image/png 104.18.28.2
CLOUDFLARENET

General

Check archive.org

Download Go to Show image

Full URL: https://store.cloudflare.steamstatic.com/public/images/gift/steamcards_cards_02.png
Requested by: Host: steambirthday.ru
URL: https://steambirthday.ru/6ulug6zmdgf/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.28.2 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1b742f628cbe7bf577c82994d01f4a25312c3ba38e01232197f8b282fc48c833

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://steambirthday.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Fri, 28 Jul 2023 16:25:30 GMT
cf-cache-status: HIT
last-modified: Wed, 28 Jun 2023 04:07:18 GMT
server: cloudflare
age: 1461
etag: "649bb1f6-79bc3"
vary: Accept-Encoding
x-cache: MISS
content-type: image/png
access-control-allow-origin: *
accept-ranges: bytes
cf-ray: 7ede7a7d38299908-ARN
content-length: 498627

GET
H2 200 footerLogo_valve_new.png
store.cloudflare.steamstatic.com/public/images/ Frame D0ED 3 KB
3 KB 134ms
44ms Image
image/png 104.18.28.2
CLOUDFLARENET

General

Check archive.org

Download Go to Show image

Full URL: https://store.cloudflare.steamstatic.com/public/images/footerLogo_valve_new.png
Requested by: Host: steambirthday.ru
URL: https://steambirthday.ru/6ulug6zmdgf/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.28.2 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d8bbe461137d50211568449468a1981ef189248200eadd48c3141a9df0b8f7fc

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://steambirthday.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Fri, 28 Jul 2023 16:25:30 GMT
cf-cache-status: HIT
last-modified: Wed, 28 Jun 2023 04:07:18 GMT
server: cloudflare
age: 436
etag: "649bb1f6-a18"
vary: Accept-Encoding
x-cache: MISS
content-type: image/png
access-control-allow-origin: *
accept-ranges: bytes
cf-ray: 7ede7a7d382b9908-ARN
content-length: 2584

GET
H2 200 logo_steam_footer.png
store.cloudflare.steamstatic.com/public/images/v6/ Frame D0ED 3 KB
3 KB 132ms
42ms Image
image/png 104.18.28.2
CLOUDFLARENET

General

Check archive.org

Download Go to Show image

Full URL: https://store.cloudflare.steamstatic.com/public/images/v6/logo_steam_footer.png
Requested by: Host: steambirthday.ru
URL: https://steambirthday.ru/6ulug6zmdgf/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.28.2 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 399f74c4e69eac8b59b149293f9a573955fef0a62b242cfa70346070013e0966

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://steambirthday.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Fri, 28 Jul 2023 16:25:30 GMT
cf-cache-status: HIT
last-modified: Wed, 28 Jun 2023 04:07:22 GMT
server: cloudflare
age: 3105
etag: "649bb1fa-b1b"
vary: Accept-Encoding
x-cache: MISS
content-type: image/png
access-control-allow-origin: *
accept-ranges: bytes
cf-ray: 7ede7a7d382c9908-ARN
content-length: 2843

GET
H2 200 memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v35/ Frame D0ED 47 KB
48 KB 193ms
60ms Font
font/woff2 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v35/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:100,100i,300,300i,400,400i,500,500i,700,700i,900,900i|Open+Sans:300,300i,400,400i,500,500i,600,600i,700,700i,800,800i

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7c7818c25a18e8a38553fcbcbc2ad0b5e964103a7d2e494f82815e3f70bf3fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://steambirthday.ru
accept-language: fi-FI,fi;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Wed, 26 Jul 2023 09:46:03 GMT
x-content-type-options: nosniff
age: 196767
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 48412
x-xss-protection: 0
last-modified: Tue, 02 May 2023 15:08:53 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 25 Jul 2024 09:46:03 GMT

GET
H2 200 memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSumu1aB.woff2
fonts.gstatic.com/s/opensans/v35/ Frame D0ED 26 KB
26 KB 279ms
149ms Font
font/woff2 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v35/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSumu1aB.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

600130a0fc244c82240330b3d0e4d9a592ca6523cf0509f16e3e1a3da0eebbab

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://steambirthday.ru
accept-language: fi-FI,fi;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Sat, 22 Jul 2023 06:15:33 GMT
x-content-type-options: nosniff
age: 554997
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 26616
x-xss-protection: 0
last-modified: Tue, 02 May 2023 15:07:14 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 21 Jul 2024 06:15:33 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Steam (Gaming)

12 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			steambirthday.ru/	1969-12-31 23:59:59	Name: token Value: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJsaW5rX2lkIjoyNzU0OTIsImlhdCI6MTY5MDU2MTUyOSwiZXhwIjoxNjkwNTY1MTI5fQ.nINxg6vzzweALhb_BY6Vpg4hKQIDVaR5wFsF2E0xctA
			steambirthday.ru/	1969-12-31 23:59:59	Name: hash Value: 2gk

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn.jsdelivr.net
fonts.googleapis.com
fonts.gstatic.com
steambirthday.ru
store.cloudflare.steamstatic.com
104.18.28.2
185.106.93.161
2606:4700::6810:5514
2a00:1450:4001:800::200a
2a00:1450:4001:828::2003
1b742f628cbe7bf577c82994d01f4a25312c3ba38e01232197f8b282fc48c833
21758ed084cd0e37e735722ee4f3957ea960628a29dfa6c3ce1a1d47a2d6e4f7
399f74c4e69eac8b59b149293f9a573955fef0a62b242cfa70346070013e0966
403b3c10fd640ef62f4765a7bc4bcc4b69f5674f5d1e0bdb8925c5c604699ba3
4b4969fa4ef3594324da2c6d78ce8766fbbc2fd121fff395aedf997db0a99a06
529bfa0862dd286b64d87ac5b933e50b2351a96743a2697671afd147454fdaf8
600130a0fc244c82240330b3d0e4d9a592ca6523cf0509f16e3e1a3da0eebbab
7596aeac338b2f8e9568d0cbd1bbda1d411e9a2e9c48936f1c1b4c9ca9af459e
7c7818c25a18e8a38553fcbcbc2ad0b5e964103a7d2e494f82815e3f70bf3fc5
c3a7c646a1305017f22423030cb5a12acc9f96b64013dcef7aeb80567b542cbb
d8bbe461137d50211568449468a1981ef189248200eadd48c3141a9df0b8f7fc
dc36a7c91e7800b228aeaa06f4ea1c46da8bac47077955eaac2173d6d2559c46
f7a5a9c27596a239d68bf106e80be596ae6ecf3676646daa2c50f4dec7770e80
f98a071711f5dad9587475c011ec255b370bc22406197d536ce61577863d1481
fcff4301dc083af2be2b990bb6485e9e06ce9d2b373a7acf8a74f61ea69d861a

steambirthday.ru Open in urlscan Pro 185.106.93.161 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

15 Requests

100 %HTTPS

60 %IPv6

5 Domains

5 Subdomains

5 IPs

4 Countries

664 kBTransfer

830 kBSize

2 Cookies

0 Outgoing links

Redirected requests

15 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

12 JavaScript Global Variables

2 Cookies

Indicators

steambirthday.ru Open in urlscan Pro
185.106.93.161 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

15
Requests

100 %
HTTPS

60 %
IPv6

5
Domains

5
Subdomains

5
IPs

4
Countries

664 kB
Transfer

830 kB
Size

2
Cookies

15 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!