www.wegamer-play.com
2a06:98c1:3120::3  Malicious Activity! Public Scan

URL: https://www.wegamer-play.com/authe.php
Submission: On January 09 via automatic, source openphish — Scanned from NL

Summary

This website contacted 3 IPs in 1 countries across 2 domains to perform 8 HTTP transactions. The main IP is 2a06:98c1:3120::3, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.wegamer-play.com.
TLS certificate: Issued by GTS CA 1P5 on November 16th 2023. Valid for: 3 months.
This is the only time www.wegamer-play.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Steam (Gaming)

Domain & IP information

Requests  IP Address         AS Autonomous System
2         2a06:98c1:312...   13335 (CLOUDFLAR...)
6         2606:4700:303...   13335 (CLOUDFLAR...)
Total: 8 requests, 3 IPs

Requests  Apex Domain        Subdomains             Transfer
6         numclock.info      numclock.info          1 KB
2         wegamer-play.com   www.wegamer-play.com   428 KB
Total: 8 requests, 2 apex domains

Requests  Domain                 Requested by
6         numclock.info          www.wegamer-play.com
2         www.wegamer-play.com   www.wegamer-play.com
Total: 8 requests, 2 domains

This site contains links to these domains.

Domain
store.steampowered.com
steamcommunity.com
help.steampowered.com
Subject            Issuer       Validity                  Valid
wegamer-play.com   GTS CA 1P5   2023-11-16 - 2024-02-14   3 months
numclock.info      GTS CA 1P5   2023-12-05 - 2024-03-04   3 months

This page contains 1 frames:

Primary Page: https://www.wegamer-play.com/authe.php
Frame ID: 65C57475015C6F82FD371160346DB934
Requests: 12 HTTP requests in this frame

Screenshot

Page Title

Sign In

Detected technologies

Overall confidence: 100%
Detected patterns
  • \.php(?:$|\?)

Page Statistics

Requests: 8
HTTPS: 100 %
IPv6: 100 %
Domains: 2
Subdomains: 2
IPs: 3
Countries: 1
Transfer: 430 kB
Size: 1301 kB
Cookies: 1

Redirected requests

There were HTTP redirect chains for the following requests:

8 HTTP transactions

Resource  Path  Size  x-fer  Type / MIME-Type

Primary Request: authe.php  www.wegamer-play.com/  51 KB  30 KB  Document
General
Full URL
https://www.wegamer-play.com/authe.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PHP/8.1.18
Resource Hash
4fbd8b6e9b6f9795f048d9bfa64012e97c6c04c73999337eada3d963a04e843c
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language
nl-NL,nl;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cache-control
no-store, no-cache, must-revalidate
cf-cache-status
DYNAMIC
cf-ray
8428dfa78e1b0e84-AMS
content-encoding
br
content-security-policy
upgrade-insecure-requests
content-type
text/html; charset=UTF-8
date
Tue, 09 Jan 2024 01:23:13 GMT
expires
Thu, 19 Nov 1981 08:52:00 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
platform
hostinger
pragma
no-cache
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UdRNsb6BWowyx409%2FAizuJtjYAq5VDGUOGNs1iq3whRn4aQ2EWmdA%2BhjsiPFWL12u322zzTIYLESTaUXNP2YQHbq7bb4mzKKSmDQnpmHypSxyQpL%2FxW%2Bzad7aEBeRh0FzvaGXUx9jPqZzarqWS%2Fp%2B39KCw%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
x-powered-by
PHP/8.1.18
x-turbo-charged-by
LiteSpeed
1i4scfhfowc2.js  www.wegamer-play.com/assets/  1 MB  399 KB  Script
General
Full URL
https://www.wegamer-play.com/assets/1i4scfhfowc2.js
Requested by
Host: www.wegamer-play.com
URL: https://www.wegamer-play.com/authe.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4fc14bff07dcdd10f5fec5fcea9c0df4bf1afd0b54b846dcd3171995f26c4c46
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://www.wegamer-play.com/authe.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Tue, 09 Jan 2024 01:23:13 GMT
content-security-policy
upgrade-insecure-requests
content-encoding
br
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
last-modified
Mon, 18 Dec 2023 13:19:55 GMT
server
cloudflare
etag
W/"10d87b-658046fb-c3a19cf14bc05758;gz"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Vx55t2D4W7UamcY1ngwdobDLdkJKZDq77FEoGG%2FqNd8nXt%2B9Tvxb4OJLlqrI3OOM3GyjGHWvEAsNrD4NUUtPc1gjeSwhMU1qHsdN641%2FeCJB%2BKB55uV9rMKr9ynH9%2FqNs%2BYibi%2FwLQ%2FYhOEkQQqbcKQD2w%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/x-javascript
cache-control
public, max-age=604800
x-turbo-charged-by
LiteSpeed
platform
hostinger
cf-ray
8428dfa82e910e84-AMS
expires
Tue, 16 Jan 2024 01:23:13 GMT
dskspvgwtopmmglldmmmmxixidhapejrrtcjixekswiyfn  numclock.info/  0  0  Preflight
General
Full URL
https://numclock.info/dskspvgwtopmmglldmmmmxixidhapejrrtcjixekswiyfn
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3035::ac43:ca02 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://www.wegamer-play.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
access-control-allow-origin
*
allow
POST
alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
8428dfa9dcc3663f-AMS
content-encoding
br
content-type
text/html; charset=utf-8
date
Tue, 09 Jan 2024 01:23:13 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GhSW12s6IyMln5tdkgOUZPOfPAsKeKqkD%2BrfKXsvcSDxczf3et7xntBNXOAFJFmBSZRLUmmvgeR9dJNae6WljC6w2bFuDzLv9XOvJuaEv6vYRAyuNhL2r1d5JJpqaF3pzsQmdowaQ6tseno6"}],"group":"cf-nel","max_age":604800}
server
cloudflare
x-powered-by
Express
dskspvgwtopmmglldmmmmxixidhapejrrtcjixekswiyfn  numclock.info/  48 B  406 B  XHR
General
Full URL
https://numclock.info/dskspvgwtopmmglldmmmmxixidhapejrrtcjixekswiyfn
Requested by
Host: www.wegamer-play.com
URL: https://www.wegamer-play.com/assets/1i4scfhfowc2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3035::ac43:ca02 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
bae2312df47268b7ea86c9b93428328705f6a1de7eafbfe26b4a2060b4e24043

Request headers

Accept
application/json, text/plain, */*
Referer
https://www.wegamer-play.com/
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type
application/json

Response headers

date
Tue, 09 Jan 2024 01:23:13 GMT
content-encoding
gzip
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
x-powered-by
Express
etag
W/"30-l0n27dHedOA0eJNl9DzMLoj9/rw"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FMgIRi5%2BHGjYxZAXssB4ZQjhaeUWlXuUZFdS3XGcksKQgT3z0%2FPtGxW0iOC6ghkH6hzjgYVzT%2BQUhp5H9sw4qCcu7w6%2FVBgvxdYxRdaN%2BBDru0knUjiFZwCjSG6x5eRZ%2FvFytX6DcK99J46t"}],"group":"cf-nel","max_age":604800}
content-type
application/json; charset=utf-8
access-control-allow-origin
*
cf-ray
8428dfaaad80663f-AMS
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
alt-svc
h3=":443"; ma=86400
truncated  /  291 B  0  Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
23341256db7f44b1f3811880fa2bae6b7748bbf6b62c544a162e38cf0d5c5082

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Content-Type
image/png
truncated  /  61 B  0  Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
42c062de8dcd760b409c57fb256a68db9435008f1097d3940131ee0ac9a43d27

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Content-Type
image/gif
truncated  /  122 KB  0  Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
9a75f8cc40bbe9c9499e7b2d3bab98a447685a361489357a111479517005c954

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Content-Type
image/jpeg
truncated  /  4 KB  0  Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
fc9e6260a2706ae146282d77e67bc1b74688435f8912ab4c1932641eec28bffa

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Content-Type
image/png
truncated  /  11 KB  0  Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
6cb869df089146c12efb5e9c968e911c314842624ba6f052a11346ac734cadc8

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Content-Type
image/png
truncated  /  33 KB  0  Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
a59657d4f7db10fefd0c0812bc93e00fa5bb4469b7ab55cebd41a0a9961f8e44

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Content-Type
image/png
truncated  /  4 KB  0  Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
ae9f6c61e25d15882bf57bde193d10d375bd315c9741cabda11d700fd1bb7dd1

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Content-Type
image/png
cvynhwizebycclnqk  numclock.info/  70 B  577 B  XHR
General
Full URL
https://numclock.info/cvynhwizebycclnqk
Requested by
Host: www.wegamer-play.com
URL: https://www.wegamer-play.com/assets/1i4scfhfowc2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::ac43:ca02 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
3f986aeaef3d89b2fae1506635087a57d8c5f6d0122a445bfc7b836b50ff3321

Request headers

Accept
application/json, text/plain, */*
Referer
https://www.wegamer-play.com/
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type
application/json

Response headers

date
Tue, 09 Jan 2024 01:23:14 GMT
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
x-powered-by
Express
etag
W/"46-XLbMURu+45hlZXzxaQaapqb3zh4"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rIRb0iMFTCD3kFtpnibcvo3iv3oJV1%2FRJ%2B1TgvisEyQ%2FpAWfXRZiuO5phxkApUkuKzIXSUC6aiqjcZ5H00yHTTSQ3UNn%2BXhuzzlpKQHhm9fOOa5KYJs9pA3BNTtyP%2F2ovcU%2BaO51AkqzrImX"}],"group":"cf-nel","max_age":604800}
content-type
application/json; charset=utf-8
access-control-allow-origin
*
cf-ray
8428dfac3e001c89-AMS
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
alt-svc
h3=":443"; ma=86400
cvynhwizebycclnqk  numclock.info/  0  0  Preflight
General
Full URL
https://numclock.info/cvynhwizebycclnqk
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::ac43:ca02 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://www.wegamer-play.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
access-control-allow-origin
*
allow
POST
alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
8428dfab7d471c89-AMS
content-encoding
br
content-type
text/html; charset=utf-8
date
Tue, 09 Jan 2024 01:23:13 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rXPpr%2FKbRWCwLa6TWoNWv7NTJs9fifZBjltWnqRmrrHRmSAl91ULkuBSHblhJlH4PPHM7Qp%2BMiNPbSzo5MD0a3PByRDAD33RXwY2M23%2BM%2BRRf2cLAfD%2BUXiJ1ceitMyNttESIHbYMhRXlIq1"}],"group":"cf-nel","max_age":604800}
server
cloudflare
x-powered-by
Express
cdnvhobbefsucmuhk  numclock.info/  12 B  512 B  XHR
General
Full URL
https://numclock.info/cdnvhobbefsucmuhk
Requested by
Host: www.wegamer-play.com
URL: https://www.wegamer-play.com/assets/1i4scfhfowc2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::ac43:ca02 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
587fa9763e3d74ded3b64a843905f5541690582aad4976207e03743a7fb5f70e

Request headers

Accept
application/json, text/plain, */*
Referer
https://www.wegamer-play.com/
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type
application/json

Response headers

date
Tue, 09 Jan 2024 01:23:17 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"c-W8b47RZH5mUQPFFL7w2Ud28rDAA"
x-powered-by
Express
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PXFnm4zi2TKIafU2VYIA61ld1yc0yoqPODwJmYqA5MhAAHhCv9cCKi3RXHyY3%2FBZm4WPGMoRdB9rV04QOTggh2ZmhkK22tYGvLCs33fQZquLGEnqK9jsGj2stL8MFXv1jR%2F%2FmDb1Qs511Ax2"}],"group":"cf-nel","max_age":604800}
content-type
application/json; charset=utf-8
access-control-allow-origin
*
cf-ray
8428dfbfbbb81c89-AMS
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
content-length
12
alt-svc
h3=":443"; ma=86400
cdnvhobbefsucmuhk  numclock.info/  0  0  Preflight
General
Full URL
https://numclock.info/cdnvhobbefsucmuhk
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::ac43:ca02 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://www.wegamer-play.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
access-control-allow-origin
*
allow
POST
alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
8428dfbf3b031c89-AMS
content-encoding
br
content-type
text/html; charset=utf-8
date
Tue, 09 Jan 2024 01:23:17 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NVsdkwpbo3XkpFBGfFs0frtUP%2FAQpEZP9TwJf9MpcbgSyAv%2BmyNQ9JWi3eUhUxi5PBbySyTWXphHONnFkEbpxf8%2BUcc0jze2DAy8aBQp5NSqZjg74ok2dDXPj7JbtRnePNzx%2F6myDsRHfRBG"}],"group":"cf-nel","max_age":604800}
server
cloudflare
x-powered-by
Express

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Steam (Gaming)

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object    documentPictureInPicture
function  m0_0xa2c0
function  m0_0x3eb0
function  cl

1 Cookies

Domain/Path Name / Value
www.wegamer-play.com/ Name: PHPSESSID
Value: c9lpdr7tiorvq5mucqe07t4fpe

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy upgrade-insecure-requests