www.wegamer-play.com
Open in
urlscan Pro
2a06:98c1:3120::3
Malicious Activity!
Public Scan
Submission: On January 09 via automatic, source openphish — Scanned from NL
Summary
TLS certificate: Issued by GTS CA 1P5 on November 16th 2023. Valid for: 3 months.
This is the only time www.wegamer-play.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Steam (Gaming)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
2 | 2a06:98c1:312... 2a06:98c1:3120::3 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
6 | 2606:4700:303... 2606:4700:3035::ac43:ca02 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
8 | 3 |
Apex Domain Subdomains |
Transfer | |
---|---|---|
6 |
numclock.info
numclock.info |
1 KB |
2 |
wegamer-play.com
www.wegamer-play.com |
428 KB |
8 | 2 |
Domain | Requested by | |
---|---|---|
6 | numclock.info |
www.wegamer-play.com
|
2 | www.wegamer-play.com |
www.wegamer-play.com
|
8 | 2 |
This site contains links to these domains. Also see Links.
Domain |
---|
store.steampowered.com |
steamcommunity.com |
help.steampowered.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
wegamer-play.com GTS CA 1P5 |
2023-11-16 - 2024-02-14 |
3 months | crt.sh |
numclock.info GTS CA 1P5 |
2023-12-05 - 2024-03-04 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://www.wegamer-play.com/authe.php
Frame ID: 65C57475015C6F82FD371160346DB934
Requests: 12 HTTP requests in this frame
7 Outgoing links
These are links going to different origins than the main page.
Title: STORE
Search URL Search Domain Scan URL
Title: COMMUNITY
Search URL Search Domain Scan URL
Title: ABOUT
Search URL Search Domain Scan URL
Title: SUPPORT
Search URL Search Domain Scan URL
Title: Help, I can't sign in
Search URL Search Domain Scan URL
Title: Steam Mobile App
Search URL Search Domain Scan URL
Title: Join Steam
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
8 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
authe.php
www.wegamer-play.com/ |
51 KB 30 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
1i4scfhfowc2.js
www.wegamer-play.com/assets/ |
1 MB 399 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
OPTIONS H2 |
dskspvgwtopmmglldmmmmxixidhapejrrtcjixekswiyfn
numclock.info/ |
0 0 |
Preflight
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
dskspvgwtopmmglldmmmmxixidhapejrrtcjixekswiyfn
numclock.info/ |
48 B 406 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
291 B 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
61 B 0 |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
122 KB 0 |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
4 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
11 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
33 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
4 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H3 |
cvynhwizebycclnqk
numclock.info/ |
70 B 577 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
OPTIONS H3 |
cvynhwizebycclnqk
numclock.info/ |
0 0 |
Preflight
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H3 |
cdnvhobbefsucmuhk
numclock.info/ |
12 B 512 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
OPTIONS H3 |
cdnvhobbefsucmuhk
numclock.info/ |
0 0 |
Preflight
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Steam (Gaming)4 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| documentPictureInPicture function| m0_0xa2c0 function| m0_0x3eb0 function| cl1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
www.wegamer-play.com/ | Name: PHPSESSID Value: c9lpdr7tiorvq5mucqe07t4fpe |
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Content-Security-Policy | upgrade-insecure-requests |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
numclock.info
www.wegamer-play.com
2606:4700:3035::ac43:ca02
2a06:98c1:3120::3
23341256db7f44b1f3811880fa2bae6b7748bbf6b62c544a162e38cf0d5c5082
3f986aeaef3d89b2fae1506635087a57d8c5f6d0122a445bfc7b836b50ff3321
42c062de8dcd760b409c57fb256a68db9435008f1097d3940131ee0ac9a43d27
4fbd8b6e9b6f9795f048d9bfa64012e97c6c04c73999337eada3d963a04e843c
4fc14bff07dcdd10f5fec5fcea9c0df4bf1afd0b54b846dcd3171995f26c4c46
587fa9763e3d74ded3b64a843905f5541690582aad4976207e03743a7fb5f70e
6cb869df089146c12efb5e9c968e911c314842624ba6f052a11346ac734cadc8
9a75f8cc40bbe9c9499e7b2d3bab98a447685a361489357a111479517005c954
a59657d4f7db10fefd0c0812bc93e00fa5bb4469b7ab55cebd41a0a9961f8e44
ae9f6c61e25d15882bf57bde193d10d375bd315c9741cabda11d700fd1bb7dd1
bae2312df47268b7ea86c9b93428328705f6a1de7eafbfe26b4a2060b4e24043
fc9e6260a2706ae146282d77e67bc1b74688435f8912ab4c1932641eec28bffa