play-gamer.com Open in urlscan Pro
2a06:98c1:3121::3 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://play-gamer.com/authe.php
Submission: On December 11 via manual (December 11th 2023, 2:11:09 pm UTC) from RU — Scanned from NL

Summary HTTP 8 Redirects Links 7 Behaviour Indicators

Summary

This website contacted 3 IPs in 1 countries across 2 domains to perform 8 HTTP transactions. The main IP is 2a06:98c1:3121::3, located in United States and belongs to CLOUDFLARENET, US. The main domain is play-gamer.com.
TLS certificate: Issued by GTS CA 1P5 on December 2nd 2023. Valid for: 3 months.

This is the only time play-gamer.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Steam (Gaming)

Domain & IP information

	IP Address	AS Autonomous System
2	2a06:98c1:312... 2a06:98c1:3121::3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	2606:4700:303... 2606:4700:3035::ac43:ca02	13335 (CLOUDFLAR...) (CLOUDFLARENET)
8	3

2 2a06:98c1:3121::3 (United States)

ASN13335 (CLOUDFLARENET, US)

play-gamer.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2606:4700:3035::ac43:ca02 (United States)

ASN13335 (CLOUDFLARENET, US)

numclock.info	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
6	numclock.info numclock.info	1 KB
2	play-gamer.com play-gamer.com	428 KB
8	2

	Domain	Requested by
6	numclock.info	play-gamer.com
2	play-gamer.com	play-gamer.com
8	2

This site contains links to these domains. Also see Links.

Domain
store.steampowered.com
steamcommunity.com
help.steampowered.com

Subject Issuer	Validity	Valid
play-gamer.com GTS CA 1P5	`2023-12-02` - `2024-03-01`	3 months	crt.sh
numclock.info GTS CA 1P5	`2023-12-05` - `2024-03-04`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://play-gamer.com/authe.php
Frame ID: A9D54E77A988D1D47181BFB8E624C316
Requests: 12 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Sign In

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Page Statistics

8
Requests

100 %
HTTPS

100 %
IPv6

2
Domains

2
Subdomains

3
IPs

1
Countries

430 kB
Transfer

1301 kB
Size

0
Cookies

7 Outgoing links

These are links going to different origins than the main page.

URL: https://store.steampowered.com/
Title: STORE

Search URL Search Domain Scan URL

URL: https://steamcommunity.com/
Title: COMMUNITY

Search URL Search Domain Scan URL

URL: https://store.steampowered.com/about/
Title: ABOUT

Search URL Search Domain Scan URL

URL: https://help.steampowered.com/
Title: SUPPORT

Search URL Search Domain Scan URL

URL: https://help.steampowered.com/wizard/HelpWithLogin
Title: Help, I can't sign in

Search URL Search Domain Scan URL

URL: https://store.steampowered.com/mobile
Title: Steam Mobile App

Search URL Search Domain Scan URL

URL: https://store.steampowered.com/join
Title: Join Steam

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

8 HTTP transactions
7 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request authe.php Show response
play-gamer.com/ 51 KB
30 KB 152ms
73ms Document
text/html 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://play-gamer.com/authe.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PHP/8.1.18

Resource Hash

b86108b28c1b56aa5192e2d9851c5f436b3968770af2673673fefc2c7a2900db

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 833e508ebde09012-FRA
content-encoding: br
content-security-policy: upgrade-insecure-requests
content-type: text/html; charset=UTF-8
date: Mon, 11 Dec 2023 14:11:04 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
platform: hostinger
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cRpnawrTl%2Fq4WX2dFpmxhZLDok5ECiLgCnP5UQoqT6Wf5JI6%2FYjznAEFkIbHRBSM0EBqjLzYapEbkXjrX07gcHbLXB6XbcJdZw2pITvvDHolJwJY1cO3ful80Vsi6ewwCwXapsUb9I%2FekzWS9Q%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-powered-by: PHP/8.1.18
x-turbo-charged-by: LiteSpeed

GET
H2 200 1i4scfhfowc2.js Show response
play-gamer.com/assets/ 1 MB
399 KB 35ms
35ms Script
application/x-javascript 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://play-gamer.com/assets/1i4scfhfowc2.js

Requested by

Host: play-gamer.com
URL: https://play-gamer.com/authe.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4fc14bff07dcdd10f5fec5fcea9c0df4bf1afd0b54b846dcd3171995f26c4c46

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://play-gamer.com/authe.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 14:11:04 GMT
content-security-policy: upgrade-insecure-requests
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 184901
alt-svc: h3=":443"; ma=86400
last-modified: Sun, 03 Dec 2023 05:45:57 GMT
server: cloudflare
etag: W/"10d87b-656c1615-2616f7355e2cb2e2;gz"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lNQAZCQRDktuC7YFEbx430a69M5M7%2FNPjBFz24zU7BzGwm2SyRGC5e%2FFrBYAGPUcN1bC5uF3jy9yXDfkH1JReINjTrtni1RIIaFDM17DF4mdsF86AcWWtFyRKt3%2Fu%2B5RfVrqDqxPw0EhkjMnHg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
platform: hostinger
cf-ray: 833e508f8eb39012-FRA
expires: Sat, 16 Dec 2023 10:49:23 GMT

OPTIONS
H2 200 dxfbqwhyrotgwecmpemjhiqdcgxazdeyktahibvknbneln
numclock.info/ 0
0 235ms
139ms Preflight
text/html 2606:4700:3035::ac43:ca02
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://numclock.info/dxfbqwhyrotgwecmpemjhiqdcgxazdeyktahibvknbneln
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::ac43:ca02 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://play-gamer.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
access-control-allow-origin: *
allow: POST
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 833e5090fa6a2bce-FRA
content-encoding: br
content-type: text/html; charset=utf-8
date: Mon, 11 Dec 2023 14:11:04 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yGSyEFPs3XjItyq0PnPWeWn7YMfKf2wOApHE511AZiQGFj6b74kNA52LfV5sUev8tpmageaQJYDzgt%2FQFYqQ9Tnj5Hmmm4e%2FjxhGCPcuD5Oi6v29cnOVxj%2BB0R6CtSQ2bExHz9AHuVh8HffS"}],"group":"cf-nel","max_age":604800}
server: cloudflare
x-powered-by: Express

POST
H2 200 dxfbqwhyrotgwecmpemjhiqdcgxazdeyktahibvknbneln Show response
numclock.info/ 48 B
401 B 128ms
127ms XHR
application/json 2606:4700:3035::ac43:ca02
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://numclock.info/dxfbqwhyrotgwecmpemjhiqdcgxazdeyktahibvknbneln
Requested by: Host: play-gamer.com
URL: https://play-gamer.com/assets/1i4scfhfowc2.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::ac43:ca02 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 6bc8413bbb253deee76b8e1e4f9c11696445f4c997b6cdb3ddbb1abd3016e780

Request headers

Accept: application/json, text/plain, */*
Referer: https://play-gamer.com/
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 11 Dec 2023 14:11:04 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-powered-by: Express
etag: W/"30-7vJUX5Gxk+L3LueAVi1lylYNV14"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=enwGXArlRGsDyXb1QtuCBA6MMwQnQhePAUrO45PStDihpRXZNDY%2BRnGjnSA0qTzklhxxf9wK9ZgBg2PpWz48nTnG40BIuvLjL6zZL0sN0pex%2FBiTLD52xPogCGH4YcoP4W284kXI2YxnzDFq"}],"group":"cf-nel","max_age":604800}
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cf-ray: 833e5091eb892bce-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
alt-svc: h3=":443"; ma=86400

GET
DATA 200
OK truncated
/ 291 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 23341256db7f44b1f3811880fa2bae6b7748bbf6b62c544a162e38cf0d5c5082

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 61 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 42c062de8dcd760b409c57fb256a68db9435008f1097d3940131ee0ac9a43d27

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Content-Type: image/gif

GET
DATA 200
OK truncated
/ 122 KB
0 Image
image/jpeg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9a75f8cc40bbe9c9499e7b2d3bab98a447685a361489357a111479517005c954

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Content-Type: image/jpeg

GET
DATA 200
OK truncated
/ 4 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: fc9e6260a2706ae146282d77e67bc1b74688435f8912ab4c1932641eec28bffa

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 11 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6cb869df089146c12efb5e9c968e911c314842624ba6f052a11346ac734cadc8

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 33 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a59657d4f7db10fefd0c0812bc93e00fa5bb4469b7ab55cebd41a0a9961f8e44

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 4 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ae9f6c61e25d15882bf57bde193d10d375bd315c9741cabda11d700fd1bb7dd1

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Content-Type: image/png

POST
H3 200 ctpkhaghegmhctcbk Show response
numclock.info/ 70 B
580 B 852ms
851ms XHR
application/json 2606:4700:3035::ac43:ca02
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://numclock.info/ctpkhaghegmhctcbk
Requested by: Host: play-gamer.com
URL: https://play-gamer.com/assets/1i4scfhfowc2.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::ac43:ca02 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: f93f77d4a80514304fa440b1e92f8fd6bf061befeab4200ad52f35c1f7b49283

Request headers

Accept: application/json, text/plain, */*
Referer: https://play-gamer.com/
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 11 Dec 2023 14:11:05 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-powered-by: Express
etag: W/"46-oZsQWAnWJWaP1LC0f0RaytAuU7w"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NXMtRrfiycm8tAvwaFSKoYyOp%2FAyWdPIN%2B%2BIubT7T9JBtm0yZNqjZUGM2EGfpRB0iDqQq13%2FuJv%2FgGFPijW1wzZSGmaAbmJ%2F5nrLwDsjWQWEQ9PgCD%2FbJw7ym4CQyKcc06JIjBDVu4iDfKyg"}],"group":"cf-nel","max_age":604800}
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cf-ray: 833e5093bf9f9186-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
alt-svc: h3=":443"; ma=86400

OPTIONS
H3 200 ctpkhaghegmhctcbk
numclock.info/ 0
0 133ms
132ms Preflight
text/html 2606:4700:3035::ac43:ca02
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://numclock.info/ctpkhaghegmhctcbk
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::ac43:ca02 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://play-gamer.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
access-control-allow-origin: *
allow: POST
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 833e5092de7e9186-FRA
content-encoding: br
content-type: text/html; charset=utf-8
date: Mon, 11 Dec 2023 14:11:04 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eGgCZ0Tf7kp0jlxeSD%2F1vo1N0bnPe0vjPYMGhc70EL7sJmR4cAqHE%2Bdm76GKAJBgJ4FZTUUPbd%2FTFZB8k%2F4e3eJEO8CyrQ3PaeQEoi4t1gqmzaxMQiXluJjE20PgkM3BNsiPHZDpyDcFxKbR"}],"group":"cf-nel","max_age":604800}
server: cloudflare
x-powered-by: Express

POST
H3 200 cgjxhosaeeljcyodk Show response
numclock.info/ 12 B
513 B 128ms
128ms XHR
application/json 2606:4700:3035::ac43:ca02
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://numclock.info/cgjxhosaeeljcyodk
Requested by: Host: play-gamer.com
URL: https://play-gamer.com/assets/1i4scfhfowc2.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::ac43:ca02 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 587fa9763e3d74ded3b64a843905f5541690582aad4976207e03743a7fb5f70e

Request headers

Accept: application/json, text/plain, */*
Referer: https://play-gamer.com/
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 11 Dec 2023 14:11:07 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"c-W8b47RZH5mUQPFFL7w2Ud28rDAA"
x-powered-by: Express
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OhTagnKdURAPPvBYPsVNYmu0OcdeY7ZIuK3R3i5bEzl9vBpL%2BXUDhrkdu31H%2B40v%2Brl3vHPW7Ko5DaPpcmXvgISbvRfbFYGSQxGzcyr74Psbyt7MuHu8%2FdakEUEg9hsiJr0t265tmk6VXvrW"}],"group":"cf-nel","max_age":604800}
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cf-ray: 833e50a60bdc9186-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
content-length: 12
alt-svc: h3=":443"; ma=86400

OPTIONS
H3 200 cgjxhosaeeljcyodk
numclock.info/ 0
0 82ms
81ms Preflight
text/html 2606:4700:3035::ac43:ca02
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://numclock.info/cgjxhosaeeljcyodk
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::ac43:ca02 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://play-gamer.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
access-control-allow-origin: *
allow: POST
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 833e50a58b2d9186-FRA
content-encoding: br
content-type: text/html; charset=utf-8
date: Mon, 11 Dec 2023 14:11:07 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ill6k4r1S42Et850XXHyG3YO56aTeMIp82JGEOuK2fSwGrkNYfEfQfRk1TiXbKHLXXb%2B014sapJlSX5qy9%2B6TULxRK5h63pLAkKSlIA27JAmdXfEgQzO2iL7PhFhnk2ZHjtAcQVSrpwYeTxg"}],"group":"cf-nel","max_age":604800}
server: cloudflare
x-powered-by: Express

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Steam (Gaming)

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| documentPictureInPicture function| m0_0xa2c0 function| m0_0x3eb0 function| cl

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	upgrade-insecure-requests

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

numclock.info
play-gamer.com
2606:4700:3035::ac43:ca02
2a06:98c1:3121::3
23341256db7f44b1f3811880fa2bae6b7748bbf6b62c544a162e38cf0d5c5082
42c062de8dcd760b409c57fb256a68db9435008f1097d3940131ee0ac9a43d27
4fc14bff07dcdd10f5fec5fcea9c0df4bf1afd0b54b846dcd3171995f26c4c46
587fa9763e3d74ded3b64a843905f5541690582aad4976207e03743a7fb5f70e
6bc8413bbb253deee76b8e1e4f9c11696445f4c997b6cdb3ddbb1abd3016e780
6cb869df089146c12efb5e9c968e911c314842624ba6f052a11346ac734cadc8
9a75f8cc40bbe9c9499e7b2d3bab98a447685a361489357a111479517005c954
a59657d4f7db10fefd0c0812bc93e00fa5bb4469b7ab55cebd41a0a9961f8e44
ae9f6c61e25d15882bf57bde193d10d375bd315c9741cabda11d700fd1bb7dd1
b86108b28c1b56aa5192e2d9851c5f436b3968770af2673673fefc2c7a2900db
f93f77d4a80514304fa440b1e92f8fd6bf061befeab4200ad52f35c1f7b49283
fc9e6260a2706ae146282d77e67bc1b74688435f8912ab4c1932641eec28bffa

play-gamer.com Open in urlscan Pro 2a06:98c1:3121::3 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

8 Requests

100 %HTTPS

100 %IPv6

2 Domains

2 Subdomains

3 IPs

1 Countries

430 kBTransfer

1301 kBSize

0 Cookies

7 Outgoing links

Redirected requests

8 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 7 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

4 JavaScript Global Variables

0 Cookies

Security Headers

Indicators

play-gamer.com Open in urlscan Pro
2a06:98c1:3121::3 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

8
Requests

100 %
HTTPS

100 %
IPv6

2
Domains

2
Subdomains

3
IPs

1
Countries

430 kB
Transfer

1301 kB
Size

0
Cookies

8 HTTP transactions
7 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!