play-gamer.com
2a06:98c1:3120::3  Malicious Activity! Public Scan

URL: https://play-gamer.com/authe.php
Submission: On December 03 via manual from US — Scanned from NL

Summary

This website contacted 3 IPs in 1 countries across 2 domains to perform 8 HTTP transactions. The main IP is 2a06:98c1:3120::3, located in United States and belongs to CLOUDFLARENET, US. The main domain is play-gamer.com.
TLS certificate: Issued by GTS CA 1P5 on December 2nd 2023. Valid for: 3 months.
This is the only time play-gamer.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Steam (Gaming)

Domain & IP information

IP Address / AS Autonomous System (requests per IP):
  • 2 requests: 2a06:98c1:312... , AS13335 (CLOUDFLAR...)
  • 6 requests: 2606:4700:303... , AS13335 (CLOUDFLAR...)
  Total: 8 requests across 3 IPs

Apex Domain / Subdomains / Transfer:
  • numclock.info: 6 requests, subdomain numclock.info, 1 KB transferred
  • play-gamer.com: 2 requests, subdomain play-gamer.com, 428 KB transferred
  Total: 8 requests across 2 apex domains

Domain / Requested by:
  • numclock.info: 6 requests, requested by play-gamer.com
  • play-gamer.com: 2 requests, requested by play-gamer.com
  Total: 8 requests across 2 domains

This site contains links to these domains:
  • store.steampowered.com
  • steamcommunity.com
  • help.steampowered.com
TLS certificates (Subject / Issuer / Validity):
  • play-gamer.com, issued by GTS CA 1P5, valid 2023-12-02 to 2024-03-01 (3 months)
  • numclock.info, issued by GTS CA 1P5, valid 2023-10-06 to 2024-01-04 (3 months)

This page contains 1 frames:

Primary Page: https://play-gamer.com/authe.php
Frame ID: E8517D7024BC0B5EB3FF282EDC78E4CF
Requests: 12 HTTP requests in this frame

Screenshot

Page Title

Sign In

Detected technologies

Overall confidence: 100%
Detected patterns
  • \.php(?:$|\?)

Page Statistics
  • Requests: 8
  • HTTPS: 100 %
  • IPv6: 100 %
  • Domains: 2
  • Subdomains: 2
  • IPs: 3
  • Countries: 1
  • Transfer: 430 kB
  • Size: 1301 kB
  • Cookies: 0

Redirected requests

There were HTTP redirect chains for the following requests:

8 HTTP transactions

Columns: Resource, Path, Size, x-fer (transfer), Type, MIME-Type
Primary Request: authe.php (play-gamer.com/), size 51 KB, transfer 30 KB, type Document
General
Full URL
https://play-gamer.com/authe.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PHP/8.1.18
Resource Hash
b86108b28c1b56aa5192e2d9851c5f436b3968770af2673673fefc2c7a2900db
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language
nl-NL,nl;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
82fabaf59e339be0-FRA
content-encoding
br
content-security-policy
upgrade-insecure-requests
content-type
text/html; charset=UTF-8
date
Sun, 03 Dec 2023 09:19:50 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
platform
hostinger
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oEEdnVD%2FogYVm5y2gOAwRXlLwZCwMrk9yJ44ADNf7FIm%2FqWl9%2BxhUZ1YmdvzICAYUQ0jjuGAyTvlW%2BhEmQ8cs70bl2Pgedqo%2B5HDzI65sGgTY2K9TcISbFkS%2FW0zmQ9TVzaTzfDpUJ3r%2BS9uVg%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
x-powered-by
PHP/8.1.18
x-turbo-charged-by
LiteSpeed
1i4scfhfowc2.js (play-gamer.com/assets/), size 1 MB, transfer 399 KB, type Script
General
Full URL
https://play-gamer.com/assets/1i4scfhfowc2.js
Requested by
Host: play-gamer.com
URL: https://play-gamer.com/authe.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4fc14bff07dcdd10f5fec5fcea9c0df4bf1afd0b54b846dcd3171995f26c4c46
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://play-gamer.com/authe.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date
Sun, 03 Dec 2023 09:19:50 GMT
content-security-policy
upgrade-insecure-requests
content-encoding
br
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
last-modified
Sun, 03 Dec 2023 05:45:57 GMT
server
cloudflare
etag
W/"10d87b-656c1615-2616f7355e2cb2e2;gz"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=udarnXmlKFVciUe%2FuH9wStZ6brRifg5awxS0oPdpOy72Z%2F961YvMiH1fkzvqE3XwyS%2BuLHlyNpCHoikNkSDlnvFjzrWBFMlzc39drgdmGn8UUFep17GTmBJr3tI7aZtIFOy58jEFirCuP5AseQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/x-javascript
cache-control
public, max-age=604800
x-turbo-charged-by
LiteSpeed
platform
hostinger
cf-ray
82fabaf67f0c9be0-FRA
expires
Sun, 10 Dec 2023 09:19:51 GMT
djuhscjydokifwmurkmsjsdgqcqaldwubtdjiymqisyegn (numclock.info/), size 0, transfer 0, type Preflight
General
Full URL
https://numclock.info/djuhscjydokifwmurkmsjsdgqcqaldwubtdjiymqisyegn
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3035::ac43:ca02 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://play-gamer.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
access-control-allow-origin
*
allow
POST
alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
82fabaf85dcf9bb2-FRA
content-encoding
br
content-type
text/html; charset=utf-8
date
Sun, 03 Dec 2023 09:19:51 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NKWSX77%2Bn2LLr9YK3rAfl%2FweqLTA1uES5KOxO8FBP7a2QHzeiHwn3mbwUuk2DNg8VGypXIpgoDo%2BDtMnpiKkxt0FB8m%2FRWdsNTNdHtQrQq8SO3KB%2BJySjo%2FAp6HZ04qgr8nC844TEHfGye1i"}],"group":"cf-nel","max_age":604800}
server
cloudflare
x-powered-by
Express
djuhscjydokifwmurkmsjsdgqcqaldwubtdjiymqisyegn (numclock.info/), size 48 B, transfer 402 B, type XHR
General
Full URL
https://numclock.info/djuhscjydokifwmurkmsjsdgqcqaldwubtdjiymqisyegn
Requested by
Host: play-gamer.com
URL: https://play-gamer.com/assets/1i4scfhfowc2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3035::ac43:ca02 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
fd6f9892bcfb29fb8340afc78669b3c406fc3f947c881485ff298d4da358e55b

Request headers

Accept
application/json, text/plain, */*
Referer
https://play-gamer.com/
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
Content-Type
application/json

Response headers

date
Sun, 03 Dec 2023 09:19:51 GMT
content-encoding
gzip
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
x-powered-by
Express
etag
W/"30-sSwnF97JYCYLlw6JOVkPy1i8iCU"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0akkemiFfnqSiU1d2UeTMNJnTnsrfNv4RBvS13PiH1NXKhzC%2FhMmLj9zIpTLZduCb3ckkIR4qTCPDfuFhUBt6i%2BeItGdgeHYwRpeq4Kbc1S0VdHqnrixxYduRmVMR%2FUzPrlAfZmvWlgr%2FfT6"}],"group":"cf-nel","max_age":604800}
content-type
application/json; charset=utf-8
access-control-allow-origin
*
cf-ray
82fabaf93e999bb2-FRA
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
alt-svc
h3=":443"; ma=86400
truncated (/), size 291 B, transfer 0, type Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
23341256db7f44b1f3811880fa2bae6b7748bbf6b62c544a162e38cf0d5c5082

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Content-Type
image/png
truncated (/), size 61 B, transfer 0, type Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
42c062de8dcd760b409c57fb256a68db9435008f1097d3940131ee0ac9a43d27

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Content-Type
image/gif
truncated (/), size 122 KB, transfer 0, type Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
9a75f8cc40bbe9c9499e7b2d3bab98a447685a361489357a111479517005c954

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Content-Type
image/jpeg
truncated (/), size 4 KB, transfer 0, type Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
fc9e6260a2706ae146282d77e67bc1b74688435f8912ab4c1932641eec28bffa

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Content-Type
image/png
truncated (/), size 11 KB, transfer 0, type Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
6cb869df089146c12efb5e9c968e911c314842624ba6f052a11346ac734cadc8

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Content-Type
image/png
truncated (/), size 33 KB, transfer 0, type Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
a59657d4f7db10fefd0c0812bc93e00fa5bb4469b7ab55cebd41a0a9961f8e44

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Content-Type
image/png
truncated (/), size 4 KB, transfer 0, type Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
ae9f6c61e25d15882bf57bde193d10d375bd315c9741cabda11d700fd1bb7dd1

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Content-Type
image/png
cugvhgruevkycuvlk (numclock.info/), size 70 B, transfer 574 B, type XHR
General
Full URL
https://numclock.info/cugvhgruevkycuvlk
Requested by
Host: play-gamer.com
URL: https://play-gamer.com/assets/1i4scfhfowc2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::ac43:ca02 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
4e0b5c8e4470ec9100806aaf100044d73030e900cc8a13f6ba40e3b83c9ac730

Request headers

Accept
application/json, text/plain, */*
Referer
https://play-gamer.com/
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
Content-Type
application/json

Response headers

date
Sun, 03 Dec 2023 09:19:52 GMT
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
x-powered-by
Express
etag
W/"46-GTDeePPsV+VDitmVT+6YMWDsgtA"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eEx115FQmOOgqr4CmM41J%2BlM3uWFZM1JGetGU4FiKxbakNenH30QKsPKKy8qwF0AxBf6nWs5XP3c1nevWlIbCSLx9%2FSXK5so7kisPMczS%2BX3Nd1ayfM1%2FPqLylg7whDm6Np4eMNCjjD2Ylt7"}],"group":"cf-nel","max_age":604800}
content-type
application/json; charset=utf-8
access-control-allow-origin
*
cf-ray
82fabafaf91b2c59-FRA
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
alt-svc
h3=":443"; ma=86400
cugvhgruevkycuvlk (numclock.info/), size 0, transfer 0, type Preflight
General
Full URL
https://numclock.info/cugvhgruevkycuvlk
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::ac43:ca02 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://play-gamer.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
access-control-allow-origin
*
allow
POST
alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
82fabafa28102c59-FRA
content-encoding
br
content-type
text/html; charset=utf-8
date
Sun, 03 Dec 2023 09:19:51 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fCowKeRCA19ZaekTc3GyZ%2BNHEWlIX6OASPCUeHWCwaWbjB2%2B%2FfrBvzm%2BrTwhMHn5otAi2ATsKgx6RsH39YqLfAqbVCtYO%2BIH%2FhRqWphbsmBSf%2B%2FPnUlyORGdwProqJfTe4pI100jhYAvLdgv"}],"group":"cf-nel","max_age":604800}
server
cloudflare
x-powered-by
Express
cjefhzhbevvrcxkyk (numclock.info/), size 12 B, transfer 517 B, type XHR
General
Full URL
https://numclock.info/cjefhzhbevvrcxkyk
Requested by
Host: play-gamer.com
URL: https://play-gamer.com/assets/1i4scfhfowc2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::ac43:ca02 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
587fa9763e3d74ded3b64a843905f5541690582aad4976207e03743a7fb5f70e

Request headers

Accept
application/json, text/plain, */*
Referer
https://play-gamer.com/
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
Content-Type
application/json

Response headers

date
Sun, 03 Dec 2023 09:19:54 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"c-W8b47RZH5mUQPFFL7w2Ud28rDAA"
x-powered-by
Express
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KNMjEQUWKq5Hw2hDwd%2BUYcycnHUpQY%2BHClO%2BJQ1BRkfIl6z67h8RsDKmY4OG53txrCeH%2BaIFaS9YMzLjgbYS1hTcQNIXuWYwUgShrEEqmY84OqHx%2F9Dj8Rmqs4PSlrMXVourdOtrEwNgEjg5"}],"group":"cf-nel","max_age":604800}
content-type
application/json; charset=utf-8
access-control-allow-origin
*
cf-ray
82fabb0e4de02c59-FRA
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
content-length
12
alt-svc
h3=":443"; ma=86400
cjefhzhbevvrcxkyk (numclock.info/), size 0, transfer 0, type Preflight
General
Full URL
https://numclock.info/cjefhzhbevvrcxkyk
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::ac43:ca02 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://play-gamer.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
access-control-allow-origin
*
allow
POST
alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
82fabb0ddd702c59-FRA
content-encoding
br
content-type
text/html; charset=utf-8
date
Sun, 03 Dec 2023 09:19:54 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cCTIQliAfU9O6WHEdWchMsw3dePSIs0gBRt%2Bt62emO592CTIRdS0%2BBf%2BFd1ce4mzkISNy03dTnOk7BXiockagIKmGFxBXqNpazeV881CuW8RB29jhFRFiJqwtrOvsKkTppyVUkuaIBbiDIGl"}],"group":"cf-nel","max_age":604800}
server
cloudflare
x-powered-by
Express

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Steam (Gaming)

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • object: documentPictureInPicture
  • function: m0_0xa2c0
  • function: m0_0x3eb0
  • function: cl

0 Cookies

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy upgrade-insecure-requests