steamapi.xpaw.me Open in urlscan Pro
188.114.97.3 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://steamapi.xpaw.me/
Effective URL:
https://steamapi.xpaw.me/
Submission: On May 13 via api (May 13th 2024, 2:45:00 pm UTC) from US — Scanned from NL

Summary HTTP 12 Redirects Links 5 Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 1 domains to perform 12 HTTP transactions. The main IP is 188.114.97.3, located in Amsterdam, Netherlands and belongs to CLOUDFLARENET, US. The main domain is steamapi.xpaw.me.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on February 19th 2024. Valid for: 10 months.

This is the only time steamapi.xpaw.me was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Steam (Gaming)

Domain & IP information

	IP Address		AS Autonomous System
12	188.114.97.3 188.114.97.3		13335 (CLOUDFLAR...) (CLOUDFLARENET)
12	2

12 188.114.97.3 (Amsterdam, Netherlands)

ASN13335 (CLOUDFLARENET, US)

steamapi.xpaw.me	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
12	xpaw.me steamapi.xpaw.me	51 KB
12	1

	Domain	Requested by
12	steamapi.xpaw.me	steamapi.xpaw.me
12	1

This site contains links to these domains. Also see Links.

Domain
xpaw.me
steamcommunity.com
steamdb.info
github.com

Subject Issuer	Validity	Valid
steamapi.xpaw.me Cloudflare Inc ECC CA-3	`2024-02-19` - `2024-12-31`	10 months	crt.sh

This page contains 1 frames:

Primary Page: https://steamapi.xpaw.me/
Frame ID: E6DBC9A9DAB642C4EED31CCE46ECBEE3
Requests: 14 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Steam Web API Documentation and Tester

Page URL History Show full URLs

http://steamapi.xpaw.me/ HTTP 307
https://steamapi.xpaw.me/ Page URL

Detected technologies

Vue.js (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

<[^>]+\sdata-v(?:ue)?-

Page Statistics

12
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

51 kB
Transfer

861 kB
Size

0
Cookies

5 Outgoing links

These are links going to different origins than the main page.

URL: https://xpaw.me/
Title: xPaw

Search URL Search Domain Scan URL

URL: https://steamcommunity.com/dev/apikey
Title: Get your key here

Search URL Search Domain Scan URL

URL: https://steamdb.info/calculator/
Title: Get your id here

Search URL Search Domain Scan URL

URL: https://github.com/xPaw/SteamWebAPIDocumentation/blob/master/api_undocumented_methods.txt
Title: make a pull request to the file of undocumented APIs

Search URL Search Domain Scan URL

URL: https://github.com/xPaw/SteamWebAPIDocumentation
Title: is also available on GitHub

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://steamapi.xpaw.me/ HTTP 307
https://steamapi.xpaw.me/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

12 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H3

200

Primary Request / Show response
steamapi.xpaw.me/
Redirect Chain

http://steamapi.xpaw.me/
https://steamapi.xpaw.me/

2 KB
1 KB

144ms
98ms

Document
text/html

188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://steamapi.xpaw.me/

Protocol

Security

QUIC, , AES_128_GCM

Server

188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b2e7116c0bce4149bae319a499bfc78ad7e1bb147fff79cc0895c15585b466d4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: nl-NL,nl;q=0.9;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
cache-control: public, max-age=0, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 88336de5cb9d422a-AMS
content-encoding: br
content-type: text/html; charset=utf-8
date: Mon, 13 May 2024 14:44:55 GMT
link: <api.json>; rel="preload"; as=fetch, <documentation.js>; rel="preload"; as=script
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy: strict-origin-when-cross-origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BOCpoPk0FkALFLV1HAHXkSdcg8H7e9es9fIdnBGvsVBYLWOplFoHX%2FojwvlamdmXUFAgpDeo9bLEzsLD%2FtyRmM1EAeZos1tcuzEO6v%2Bmzz%2FyOnlYgMgZWLmZxuCwSxsqRwep"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
x-content-type-options: nosniff

Redirect headers

Location: https://steamapi.xpaw.me/
Non-Authoritative-Reason: HttpsUpgrades

GET
H3 200 api.json
steamapi.xpaw.me/ 482 KB
452 B 28ms
27ms Other
application/json 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://steamapi.xpaw.me/api.json

Protocol

Security

QUIC, , AES_128_GCM

Server

188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2be5760971cf5849c3ef401e3b570c752c4888a7b87d0b3b818ab7532f8fcb08

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://steamapi.xpaw.me/
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 13 May 2024 14:44:55 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"2b460faa0f46e80b770a972ee53bf257"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hIh0p6Twpfq4fGkRKLOqF3sCo0ysIGwXTJME9kCP5vCS%2BmvSALAvM2d1JoV0PxkaWy5GI2Aa6M9wM1L6ANfPuJBL9JVY%2FBd8hn2p9rvWyEW5tZrXvDgQ7UcBYXPuyvB0f0bH"}],"group":"cf-nel","max_age":604800}
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
cf-ray: 88336de66bf4422a-AMS

GET
H3 200 documentation.js Show response
steamapi.xpaw.me/ 113 KB
506 B 21ms
20ms Script
application/javascript 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://steamapi.xpaw.me/documentation.js

Protocol

Security

QUIC, , AES_128_GCM

Server

188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2eb5df226be7dff904f445c2354fea8372b3265a4445435f7336122a554f1b8a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://steamapi.xpaw.me/
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 13 May 2024 14:44:55 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 0
content-encoding: br
alt-svc: h3=":443"; ma=86400
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"5f619ec458e5e20717f95be7966b1485"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=N97m0RDHEILkT637VTFWb5RMlMhdDUrn3s9W69j9AZepn04frmR6yy60c3bl7FZUJERa9xEt7Ff8HHXIWZzQrmsvZ8hoj0%2BvVKbbWmIZQnNYA5RTJ3zDatnvWlr3HfAVqtYP"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
cf-ray: 88336de66bf6422a-AMS

GET
H3 200 style.css
steamapi.xpaw.me/ 232 KB
35 KB 59ms
59ms Stylesheet
text/css 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://steamapi.xpaw.me/style.css

Requested by

Host: steamapi.xpaw.me
URL: https://steamapi.xpaw.me/

Protocol

Security

QUIC, , AES_128_GCM

Server

188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

74fa3033d7a15ce74260eb7e2bcc422c6ba227db0c412f7f19f777599bd87eaf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 13 May 2024 14:44:55 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
cf-polished: origSize=238168
alt-svc: h3=":443"; ma=86400
referrer-policy: strict-origin-when-cross-origin
cf-bgj: minify
server: cloudflare
etag: W/"9522e75129e697813020c9d0cbccc1ad"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2hKIN9Ed%2FRcGCYRFxtiIo0l2AmEqO2ovtaXcFyNh2QTsKGVYqIs8lytV%2FcGnM42WjYrRPVbw8MtM6hgw4SAuprwxAI2KEONQPm5bxgSiCfWeet0JeTT%2BSM%2Bakbk8bQ1zxbDTfd8n47TyUHoXeAUq"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
cf-ray: 88336de66bf5422a-AMS

GET
H3 200 steam.jpg
steamapi.xpaw.me/icons/ 1 KB
2 KB 50ms
49ms Image
image/jpeg 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://steamapi.xpaw.me/icons/steam.jpg

Requested by

Host: steamapi.xpaw.me
URL: https://steamapi.xpaw.me/

Protocol

Security

QUIC, , AES_128_GCM

Server

188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0da7b1fe4fc9f33ef174cb9080d42c4c0edc39523c55a61edf342441950ff898

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 13 May 2024 14:44:55 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 1446
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: "1fd8088062632550d04c67188d6a2c5c"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HoDV1VQ62oVV4J3tZB0jmrZYQFTXXf5FjaOKuAKgNI%2Fx8t43IpCZMQLnvmfdxs%2FLXPkYjNka8mRlDyGXoNs9aBhosPrDuN4BHn8W%2FuLz2CBnL%2Fa%2BfeYtzWe5qfL02i1rVNap"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
accept-ranges: bytes
cf-ray: 88336de6fc32422a-AMS

GET
H3 200 csgo.jpg
steamapi.xpaw.me/icons/ 1 KB
2 KB 46ms
44ms Image
image/jpeg 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://steamapi.xpaw.me/icons/csgo.jpg

Requested by

Host: steamapi.xpaw.me
URL: https://steamapi.xpaw.me/

Protocol

Security

QUIC, , AES_128_GCM

Server

188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b13ba298064a23f96a0cae5c50b57347457cd3bba2c1f6c6ee05e4c8ca291f37

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 13 May 2024 14:44:55 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 1354
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: "62b875dd6f6eba73698cc269557fc391"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eNIJMLSx%2Bwd%2BUKIg4KcEAa6Fbo8D25EV3JZsTjK8lK7cahuM9nilvQVT2a3R%2FgXd7U23sS7c3mtwLWfeIKS%2B75ytQ89l1ceJA%2Bb7gqMd20kpOOL37AbA5GJ8yYONUmh3qG24FQCAU%2B%2FNc6zateCW"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
accept-ranges: bytes
cf-ray: 88336de6fc33422a-AMS

GET
H3 200 dota.jpg
steamapi.xpaw.me/icons/ 1 KB
2 KB 55ms
53ms Image
image/jpeg 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://steamapi.xpaw.me/icons/dota.jpg

Requested by

Host: steamapi.xpaw.me
URL: https://steamapi.xpaw.me/

Protocol

Security

QUIC, , AES_128_GCM

Server

188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3520b13dd1a7954829eb15cd6abafce4f908ea5c624b9de40c25ccaeff74f87b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 13 May 2024 14:44:55 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 1210
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: "16b7fc9fbaf530a3db4aa61877123c88"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=x3HP1VYGq1hvF2ewJtSAs%2F7VLJaEW7%2BiZOBEue%2FbTP7JuP8qyZS0nRlUqsEHK66FWq3Y6ocj7BRqbRMsAn90WPpU30fFxpFvojC5oCwiHHVHjFW3kZVDwKF1SnI1OdyYQ3Km"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
accept-ranges: bytes
cf-ray: 88336de6fc34422a-AMS

GET
H3 200 tf.jpg
steamapi.xpaw.me/icons/ 2 KB
3 KB 52ms
50ms Image
image/jpeg 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://steamapi.xpaw.me/icons/tf.jpg

Requested by

Host: steamapi.xpaw.me
URL: https://steamapi.xpaw.me/

Protocol

Security

QUIC, , AES_128_GCM

Server

188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

53648fe9b8c9e64ac7a756bc1a7931b6ea6524cafb7ad6a86ea0631c0c5bec42

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 13 May 2024 14:44:55 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 2082
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: "34bd29119eb6342aa4e1ed73ad99e3ee"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=T5c7mYY5Z1%2FqGMfQiXU8XfzD4s7WAnu90JAz0nk2GxYqFNPyNkFYZJtBApd9KbwDPsAowkxH2KsxWtllyQNkY%2BfNg5SkocB%2FVc57Bc%2F9sX%2FmPedmJjAh5Qy1ujc9%2FJDx5sWU"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
accept-ranges: bytes
cf-ray: 88336de6fc35422a-AMS

GET
H3 200 portal2.jpg
steamapi.xpaw.me/icons/ 1 KB
2 KB 42ms
40ms Image
image/jpeg 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://steamapi.xpaw.me/icons/portal2.jpg

Requested by

Host: steamapi.xpaw.me
URL: https://steamapi.xpaw.me/

Protocol

Security

QUIC, , AES_128_GCM

Server

188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

70dab714bd3bea77707ff573e367087630a6ad3ab34af9eda9c01430b28f6c01

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 13 May 2024 14:44:55 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 1246
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: "120a5448c38fc5b31a3066f48340147f"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ufSvQLgZzqpmfGfX0znORTQVHzK8bbz%2F1d3M6nQTrQaHkpfFs7Xe4j8TelGJGsltNgUxkKVeV5Ew%2BKA7JKwq5T1NES%2BiYXR3LX%2FeigYKqXb1XS2gMQINrRGMOD1qOkSgu52glOPcHpW4lPiMAiz9"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
accept-ranges: bytes
cf-ray: 88336de6fc36422a-AMS

GET
H3 200 underlords.jpg
steamapi.xpaw.me/icons/ 735 B
1 KB 53ms
52ms Image
image/jpeg 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://steamapi.xpaw.me/icons/underlords.jpg

Requested by

Host: steamapi.xpaw.me
URL: https://steamapi.xpaw.me/

Protocol

Security

QUIC, , AES_128_GCM

Server

188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3ac476a3190e1acf720674aab801f9d582dcb6335f37a38675f466f61a48b541

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 13 May 2024 14:44:55 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 735
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: "7dc36a78f6c105e2a644a6eaa4a7b5ce"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qs3z%2FwQx8lCn0CTKV%2FA%2Bm2b8zLTjHWIjTxWV5t3074MapybVkJFMMdYEX%2F7STrFjV1qjMr9SIz34VrAOlfzlkThGl5Jj1PFWyPopUQODdH9v9tDWBtzm2pI%2FcfGrNTjqSC43"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
accept-ranges: bytes
cf-ray: 88336de6fc37422a-AMS

GET
H3 200 artifact.jpg
steamapi.xpaw.me/icons/ 959 B
1 KB 61ms
60ms Image
image/jpeg 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://steamapi.xpaw.me/icons/artifact.jpg

Requested by

Host: steamapi.xpaw.me
URL: https://steamapi.xpaw.me/

Protocol

Security

QUIC, , AES_128_GCM

Server

188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9b362f9ce1c4714362af349ad76bb048bc85a6c8f5428c38a936dec282e965f3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 13 May 2024 14:44:55 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 959
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: "1ebaf3bdf0697be1ea11d083b7cbb79a"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LrYouVZaXKqGSwdnDRhiR7wjv%2BUti6RqXAcGEP11PVB%2BluTnlZU6UPp5paT7btLz8eOIcRBJb2%2B8cMgMvuIRS8ztZ4ZDQVCo6SeZLeG1Ga0c8ov0d8gOVHpU5qwqFyU1tX8x"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
accept-ranges: bytes
cf-ray: 88336de6fc38422a-AMS

GET
DATA 200
OK truncated
/ 264 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ece2e95e0833a3ca202d786151532f388ff73be29ea66334534ed1fa597dfd7d

Request headers

Accept-Language: nl-NL,nl;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 183 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d8c89b0459ec4d6069037002ff5d824395ff37dbf866bc4298fce22d336b182a

Request headers

Accept-Language: nl-NL,nl;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3 200 favicon.ico
steamapi.xpaw.me/ 22 KB
952 B 60ms
59ms Other
image/vnd.microsoft.icon 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://steamapi.xpaw.me/favicon.ico

Protocol

Security

QUIC, , AES_128_GCM

Server

188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ba6e052db9a09b52ea357a4b14a9670cdade4b535f35501a3e7247078505eea7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 13 May 2024 14:44:55 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
alt-svc: h3=":443"; ma=86400
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"530e0617504155e1b34e2d77043f9629"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=slZBPWy3rb62Bu%2FisbA%2BtL9ibqTflB8LiMArH%2BzlyzVJEk5VPGiI33%2BrW0a3%2B38m%2F7kipzpvOSPpFK7jBcoT8U8D62NzviPHo6S1Zf5EoeLTsvBklGH2m8pjwvsKCHSEEXwq"}],"group":"cf-nel","max_age":604800}
content-type: image/vnd.microsoft.icon
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
cf-ray: 88336de7ecab422a-AMS

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Steam (Gaming)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| __VUE_INSTANCE_SETTERS__ object| __VUE_SSR_SETTERS__ boolean| __VUE__

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
recommendation	verbose	URL: https://steamapi.xpaw.me/ Message: [DOM] Password field is not contained in a form: (More info: https://goo.gl/9p2vKq) %o
recommendation	verbose	URL: https://steamapi.xpaw.me/ Message: [DOM] Password field is not contained in a form: (More info: https://goo.gl/9p2vKq) %o

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

steamapi.xpaw.me
188.114.97.3
0da7b1fe4fc9f33ef174cb9080d42c4c0edc39523c55a61edf342441950ff898
2be5760971cf5849c3ef401e3b570c752c4888a7b87d0b3b818ab7532f8fcb08
2eb5df226be7dff904f445c2354fea8372b3265a4445435f7336122a554f1b8a
3520b13dd1a7954829eb15cd6abafce4f908ea5c624b9de40c25ccaeff74f87b
3ac476a3190e1acf720674aab801f9d582dcb6335f37a38675f466f61a48b541
53648fe9b8c9e64ac7a756bc1a7931b6ea6524cafb7ad6a86ea0631c0c5bec42
70dab714bd3bea77707ff573e367087630a6ad3ab34af9eda9c01430b28f6c01
74fa3033d7a15ce74260eb7e2bcc422c6ba227db0c412f7f19f777599bd87eaf
9b362f9ce1c4714362af349ad76bb048bc85a6c8f5428c38a936dec282e965f3
b13ba298064a23f96a0cae5c50b57347457cd3bba2c1f6c6ee05e4c8ca291f37
b2e7116c0bce4149bae319a499bfc78ad7e1bb147fff79cc0895c15585b466d4
ba6e052db9a09b52ea357a4b14a9670cdade4b535f35501a3e7247078505eea7
d8c89b0459ec4d6069037002ff5d824395ff37dbf866bc4298fce22d336b182a
ece2e95e0833a3ca202d786151532f388ff73be29ea66334534ed1fa597dfd7d

steamapi.xpaw.me Open in urlscan Pro 188.114.97.3 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

12 Requests

100 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

2 IPs

1 Countries

51 kBTransfer

861 kBSize

0 Cookies

5 Outgoing links

Page URL History

Redirected requests

12 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

3 JavaScript Global Variables

0 Cookies

2 Console Messages

Security Headers

Indicators

steamapi.xpaw.me Open in urlscan Pro
188.114.97.3 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

12
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

51 kB
Transfer

861 kB
Size

0
Cookies

12 HTTP transactions
2 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!