csgopolygon.plg4.com
Open in
urlscan Pro
2606:4700:3036::6815:119b
Malicious Activity!
Public Scan
Effective URL: https://csgopolygon.plg4.com/openid/login/openidclaimedidhttp/specsopenidnet/auth/20/identifierselectopenididentityhttp/specs...
Submission: On April 26 via api from JP — Scanned from JP
Summary
TLS certificate: Issued by GTS CA 1P5 on April 25th 2023. Valid for: 3 months.
This is the only time csgopolygon.plg4.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Steam (Gaming)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 2606:4700:303... 2606:4700:3033::ac43:b10f | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
11 | 2606:4700:303... 2606:4700:3036::6815:119b | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
11 | 1 |
Apex Domain Subdomains |
Transfer | |
---|---|---|
12 |
plg4.com
1 redirects
csgopolygon.plg4.com |
210 KB |
11 | 1 |
Domain | Requested by | |
---|---|---|
12 | csgopolygon.plg4.com |
1 redirects
csgopolygon.plg4.com
|
11 | 1 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
plg4.com GTS CA 1P5 |
2023-04-25 - 2023-07-24 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://csgopolygon.plg4.com/openid/login/openidclaimedidhttp/specsopenidnet/auth/20/identifierselectopenididentityhttp/specsopenidnet/auth/20/identifierselectopenidmodecheckidsetupopenidnshttp/specsopenidnet/auth/20openidrealmhttps/authplgcom/openidreturntohttps/authplgcom/processopenId/error.html
Frame ID: C27CA6614C1E660C15EC7A2A48D78FB9
Requests: 11 HTTP requests in this frame
Screenshot
Page Title
Steam CommunityPage URL History Show full URLs
-
http://csgopolygon.plg4.com/openid/login/openidclaimedidhttp/specsopenidnet/auth/20/identifierselectopen...
HTTP 301
https://csgopolygon.plg4.com/openid/login/openidclaimedidhttp/specsopenidnet/auth/20/identifierselectopen... Page URL
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://csgopolygon.plg4.com/openid/login/openidclaimedidhttp/specsopenidnet/auth/20/identifierselectopenididentityhttp/specsopenidnet/auth/20/identifierselectopenidmodecheckidsetupopenidnshttp/specsopenidnet/auth/20openidrealmhttps/authplgcom/openidreturntohttps/authplgcom/processopenId/error.html
HTTP 301
https://csgopolygon.plg4.com/openid/login/openidclaimedidhttp/specsopenidnet/auth/20/identifierselectopenididentityhttp/specsopenidnet/auth/20/identifierselectopenidmodecheckidsetupopenidnshttp/specsopenidnet/auth/20openidrealmhttps/authplgcom/openidreturntohttps/authplgcom/processopenId/error.html Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
11 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
error.html
csgopolygon.plg4.com/openid/login/openidclaimedidhttp/specsopenidnet/auth/20/identifierselectopenididentityhttp/specsopenidnet/auth/20/identifierselectopenidmodecheckidsetupopenidnshttp/specsopenid... Redirect Chain
|
544 B 778 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
s.js
csgopolygon.plg4.com/openid/login/openidclaimedidhttp/specsopenidnet/auth/20/identifierselectopenididentityhttp/specsopenidnet/auth/20/identifierselectopenidmodecheckidsetupopenidnshttp/specsopenid... |
536 KB 174 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
btn_header_installsteam_download.png
csgopolygon.plg4.com/assets/s/img/ |
1 KB 1 KB |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
btn_arrow_down_padded.png
csgopolygon.plg4.com/assets/s/img/ |
1 KB 1 KB |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
MotivaSans-Regular.ttf
csgopolygon.plg4.com/assets/s/fonts/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
header_menu_hamburger.png
csgopolygon.plg4.com/openid/login/openidclaimedidhttp/specsopenidnet/auth/20/identifierselectopenididentityhttp/specsopenidnet/auth/20/identifierselectopenidmodecheckidsetupopenidnshttp/specsopenid... |
4 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
header_logo.png
csgopolygon.plg4.com/openid/login/openidclaimedidhttp/specsopenidnet/auth/20/identifierselectopenididentityhttp/specsopenidnet/auth/20/identifierselectopenidmodecheckidsetupopenidnshttp/specsopenid... |
11 KB 11 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
logo_steam.svg
csgopolygon.plg4.com/openid/login/openidclaimedidhttp/specsopenidnet/auth/20/identifierselectopenididentityhttp/specsopenidnet/auth/20/identifierselectopenidmodecheckidsetupopenidnshttp/specsopenid... |
4 KB 2 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
sits_landing.png
csgopolygon.plg4.com/openid/login/openidclaimedidhttp/specsopenidnet/auth/20/identifierselectopenididentityhttp/specsopenidnet/auth/20/identifierselectopenidmodecheckidsetupopenidnshttp/specsopenid... |
5 KB 6 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
throbber.gif
csgopolygon.plg4.com/openid/login/openidclaimedidhttp/specsopenidnet/auth/20/identifierselectopenididentityhttp/specsopenidnet/auth/20/identifierselectopenidmodecheckidsetupopenidnshttp/specsopenid... |
3 KB 4 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
footerLogo_valve.png
csgopolygon.plg4.com/openid/login/openidclaimedidhttp/specsopenidnet/auth/20/identifierselectopenididentityhttp/specsopenidnet/auth/20/identifierselectopenidmodecheckidsetupopenidnshttp/specsopenid... |
4 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Steam (Gaming)6 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
boolean| credentialless string| $fDomain string| $domainToLogin function| gj_0x3bf0 function| gj_0x2d78 function| $changeLanguage0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
3 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
csgopolygon.plg4.com
2606:4700:3033::ac43:b10f
2606:4700:3036::6815:119b
0c4d1b66cbed8c0ba7bfe1d047409e80b99684794ba66e9556503890eae17f2d
483ed1c78b7394366985110fe15e4aaf941882427515e5dfe7f582827a15378c
5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807
6120498916e1430571ec75eda25e0fea8687f4ab8212b6af5a359af8fb52ab66
61b11d8eb338e7a1891425599de30cf395172cd581c334fb555f14fd7cfe5edf
6cb869df089146c12efb5e9c968e911c314842624ba6f052a11346ac734cadc8
ae9f6c61e25d15882bf57bde193d10d375bd315c9741cabda11d700fd1bb7dd1
c3a7c646a1305017f22423030cb5a12acc9f96b64013dcef7aeb80567b542cbb
fc9e6260a2706ae146282d77e67bc1b74688435f8912ab4c1932641eec28bffa