play-gamer.com
Open in
urlscan Pro
2a06:98c1:3120::3
Malicious Activity!
Public Scan
Submission: On December 03 via manual from US — Scanned from NL
Summary
TLS certificate: Issued by GTS CA 1P5 on December 2nd 2023. Valid for: 3 months.
This is the only time play-gamer.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Steam (Gaming)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
2 | 2a06:98c1:312... 2a06:98c1:3120::3 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
6 | 2606:4700:303... 2606:4700:3035::ac43:ca02 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
8 | 3 |
Apex Domain Subdomains |
Transfer | |
---|---|---|
6 |
numclock.info
numclock.info |
1 KB |
2 |
play-gamer.com
play-gamer.com |
428 KB |
8 | 2 |
Domain | Requested by | |
---|---|---|
6 | numclock.info |
play-gamer.com
|
2 | play-gamer.com |
play-gamer.com
|
8 | 2 |
This site contains links to these domains. Also see Links.
Domain |
---|
store.steampowered.com |
steamcommunity.com |
help.steampowered.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
play-gamer.com GTS CA 1P5 |
2023-12-02 - 2024-03-01 |
3 months | crt.sh |
numclock.info GTS CA 1P5 |
2023-10-06 - 2024-01-04 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://play-gamer.com/authe.php
Frame ID: E8517D7024BC0B5EB3FF282EDC78E4CF
Requests: 12 HTTP requests in this frame
7 Outgoing links
These are links going to different origins than the main page.
Title: STORE
Search URL Search Domain Scan URL
Title: COMMUNITY
Search URL Search Domain Scan URL
Title: ABOUT
Search URL Search Domain Scan URL
Title: SUPPORT
Search URL Search Domain Scan URL
Title: Help, I can't sign in
Search URL Search Domain Scan URL
Title: Steam Mobile App
Search URL Search Domain Scan URL
Title: Join Steam
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
8 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
authe.php
play-gamer.com/ |
51 KB 30 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
1i4scfhfowc2.js
play-gamer.com/assets/ |
1 MB 399 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
OPTIONS H2 |
djuhscjydokifwmurkmsjsdgqcqaldwubtdjiymqisyegn
numclock.info/ |
0 0 |
Preflight
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
djuhscjydokifwmurkmsjsdgqcqaldwubtdjiymqisyegn
numclock.info/ |
48 B 402 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
291 B 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
61 B 0 |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
122 KB 0 |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
4 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
11 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
33 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
4 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H3 |
cugvhgruevkycuvlk
numclock.info/ |
70 B 574 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
OPTIONS H3 |
cugvhgruevkycuvlk
numclock.info/ |
0 0 |
Preflight
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H3 |
cjefhzhbevvrcxkyk
numclock.info/ |
12 B 517 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
OPTIONS H3 |
cjefhzhbevvrcxkyk
numclock.info/ |
0 0 |
Preflight
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Steam (Gaming)4 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| documentPictureInPicture function| m0_0xa2c0 function| m0_0x3eb0 function| cl0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Content-Security-Policy | upgrade-insecure-requests |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
numclock.info
play-gamer.com
2606:4700:3035::ac43:ca02
2a06:98c1:3120::3
23341256db7f44b1f3811880fa2bae6b7748bbf6b62c544a162e38cf0d5c5082
42c062de8dcd760b409c57fb256a68db9435008f1097d3940131ee0ac9a43d27
4e0b5c8e4470ec9100806aaf100044d73030e900cc8a13f6ba40e3b83c9ac730
4fc14bff07dcdd10f5fec5fcea9c0df4bf1afd0b54b846dcd3171995f26c4c46
587fa9763e3d74ded3b64a843905f5541690582aad4976207e03743a7fb5f70e
6cb869df089146c12efb5e9c968e911c314842624ba6f052a11346ac734cadc8
9a75f8cc40bbe9c9499e7b2d3bab98a447685a361489357a111479517005c954
a59657d4f7db10fefd0c0812bc93e00fa5bb4469b7ab55cebd41a0a9961f8e44
ae9f6c61e25d15882bf57bde193d10d375bd315c9741cabda11d700fd1bb7dd1
b86108b28c1b56aa5192e2d9851c5f436b3968770af2673673fefc2c7a2900db
fc9e6260a2706ae146282d77e67bc1b74688435f8912ab4c1932641eec28bffa
fd6f9892bcfb29fb8340afc78669b3c406fc3f947c881485ff298d4da358e55b