drop-ersderd.vip
2606:4700:3034::6815:32c5
Malicious Activity!
Public Scan
Effective URL: https://drop-ersderd.vip/3ho/login/?openid.ns=wdkry8zUHh3kz7locToxGxegNDoptV&openid.mode=lBq9wlglgTmgIpTY8NEQjKxxkYqG5Z&o...
Submission Tags: @phish_report
Submission: On January 21 via api from FI — Scanned from FI
Summary
TLS certificate: Issued by GTS CA 1P5 on January 19th 2024. Valid for: 3 months.
This is the only time drop-ersderd.vip was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Steam (Gaming)
Domain & IP information
Requests | IP Address | AS (Autonomous System)
---|---|---
12 | 2606:4700:3034::6815:32c5 | 13335 (CLOUDFLARENET)
4 | 2606:4700::6810:5714 | 13335 (CLOUDFLARENET)
7 | 193.108.153.29 | 20940 (AKAMAI-ASN1)
4 | 172.64.145.151 | 13335 (CLOUDFLARENET)
27 | 5 |
ASN20940 (AKAMAI-ASN1, NL)
PTR: a193-108-153-29.deploy.static.akamaitechnologies.com
community.akamai.steamstatic.com
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
12 | drop-ersderd.vip | drop-ersderd.vip | 173 KB
11 | steamstatic.com | community.akamai.steamstatic.com (Cisco Umbrella Rank: 38587), community.cloudflare.steamstatic.com (Cisco Umbrella Rank: 27784) | 544 KB
4 | jsdelivr.net | cdn.jsdelivr.net (Cisco Umbrella Rank: 324) | 96 KB
Total: 27 requests, 3 apex domains
Requests | Domain | Requested by
---|---|---
12 | drop-ersderd.vip | drop-ersderd.vip
7 | community.akamai.steamstatic.com | drop-ersderd.vip
4 | community.cloudflare.steamstatic.com | drop-ersderd.vip
4 | cdn.jsdelivr.net | drop-ersderd.vip
Total: 27 requests, 4 domains
This site contains links to these domains. Also see Links.
Domain |
---|
store.steampowered.com |
steamcommunity.com |
help.steampowered.com |
Subject | Issuer | Validity | Valid | Lookup
---|---|---|---|---
drop-ersderd.vip | GTS CA 1P5 | 2024-01-19 - 2024-04-18 | 3 months | crt.sh
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2023-05-02 - 2024-05-01 | a year | crt.sh
cdn.akamai.steamstatic.com | R3 | 2023-11-16 - 2024-02-14 | 3 months | crt.sh
This page contains 2 frames:
Primary Page: https://drop-ersderd.vip/3ho/login/?openid.ns=wdkry8zUHh3kz7locToxGxegNDoptV&openid.mode=lBq9wlglgTmgIpTY8NEQjKxxkYqG5Z&openid.return_to=ga7fca171Muzcbs6lJ37SWpr3J1ZKI&openid.identity=88WAXaefYoHMAZYkYFqXr4FEqxIpsw&openid.claimed_id=xI2N3zjv9Ox0ayiJVzXOzTjG1h5v25
Frame ID: 72CEA477CEA0B6B9C1FCB9C97E6BDE02
Requests: 27 HTTP requests in this frame
Frame: https://drop-ersderd.vip/m2rq5lo8a4f/
Frame ID: 5205A0078398B8262C0F7FE10D14CE7C
Requests: 1 HTTP request in this frame
Page Title: Sign In
Detected technologies
jsDelivr (CDN)
Detected patterns
- //cdn\.jsdelivr\.net/
Page Statistics
12 Outgoing links
These are links going to different origins than the main page.
- COMMUNITY
- ABOUT
- SUPPORT
- Help, I can't sign in
- Steam Mobile App
- Learn More
- geonames.org
- Privacy Policy
- Legal
- Steam Subscriber Agreement
- Cookies
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://drop-ersderd.vip/CS2 Page URL
- https://drop-ersderd.vip/3ho/login/?openid.ns=wdkry8zUHh3kz7locToxGxegNDoptV&openid.mode=lBq9wlglgTmgIpTY8NEQjKxxkYqG5Z&openid.return_to=ga7fca171Muzcbs6lJ37SWpr3J1ZKI&openid.identity=88WAXaefYoHMAZYkYFqXr4FEqxIpsw&openid.claimed_id=xI2N3zjv9Ox0ayiJVzXOzTjG1h5v25 Page URL
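The landing URL uses the OpenID 2.0 parameter names (openid.ns, openid.mode, openid.return_to, openid.identity, openid.claimed_id), the protocol behind the genuine Steam sign-in redirect. OpenID 2.0 fixes openid.ns to one namespace URI, restricts openid.mode to a small set of keywords and requires the other three to be absolute URLs; here all five carry random strings. The check below is an added example written for this page, not urlscan.io code: the expected values are taken from the OpenID Authentication 2.0 specification, SCAN_URL is the effective URL from the scan, and LEGIT_URL is a constructed well-formed request (placeholder hosts) used as a control.

```python
"""Sanity-check the OpenID 2.0 parameters in a login URL.

Added example for this scan page (not urlscan.io code). The expected values
below come from the OpenID Authentication 2.0 spec; SCAN_URL is the scan's
effective URL and LEGIT_URL is a constructed, conformant request with
placeholder hosts, used as a control.
"""
from urllib.parse import parse_qs, urlsplit

# Values the OpenID 2.0 spec fixes for every authentication request.
OPENID_NS = "http://specs.openid.net/auth/2.0"
VALID_MODES = {"checkid_setup", "checkid_immediate", "id_res", "cancel",
               "setup_needed", "error", "associate", "check_authentication"}
URL_VALUED = ("openid.return_to", "openid.identity", "openid.claimed_id")

# Effective URL of the scan, copied from the page.
SCAN_URL = ("https://drop-ersderd.vip/3ho/login/"
            "?openid.ns=wdkry8zUHh3kz7locToxGxegNDoptV"
            "&openid.mode=lBq9wlglgTmgIpTY8NEQjKxxkYqG5Z"
            "&openid.return_to=ga7fca171Muzcbs6lJ37SWpr3J1ZKI"
            "&openid.identity=88WAXaefYoHMAZYkYFqXr4FEqxIpsw"
            "&openid.claimed_id=xI2N3zjv9Ox0ayiJVzXOzTjG1h5v25")

# Constructed control: what a conformant checkid_setup request looks like.
LEGIT_URL = ("https://provider.example/openid/login"
             "?openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0"
             "&openid.mode=checkid_setup"
             "&openid.return_to=https%3A%2F%2Fexample.test%2Fauth%2Fcallback"
             "&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select"
             "&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select")


def openid_anomalies(url):
    """Return a list of findings; an empty list means every openid.* value is well-formed."""
    query = {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}
    findings = []
    ns = query.get("openid.ns")
    if ns != OPENID_NS:
        findings.append(f"openid.ns={ns!r}, expected {OPENID_NS!r}")
    mode = query.get("openid.mode")
    if mode not in VALID_MODES:
        findings.append(f"openid.mode={mode!r} is not an OpenID 2.0 mode")
    for key in URL_VALUED:
        value = query.get(key, "")
        if not value.startswith(("http://", "https://")):
            findings.append(f"{key}={value!r} is not an absolute URL")
    return findings


if __name__ == "__main__":
    for name, url in (("scan", SCAN_URL), ("control", LEGIT_URL)):
        print(name, openid_anomalies(url) or "no anomalies")
```

Run against the scan URL every one of the five parameters fails; a genuine relying-party request passes. The check is cheap enough to run over a feed of URLs that contain "openid." in the query, where parameter names that match a real flow but values that cannot match the spec are a strong lookalike signal.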
Redirected requests
There were HTTP redirect chains for the following requests:
27 HTTP transactions
# | Method | Protocol | Resource | Host / path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---|---
1 | GET | H2 | CS2 | drop-ersderd.vip/ | 4 KB | 2 KB | Document | text/html
2 | GET | H2 | react.production.min.js | cdn.jsdelivr.net/npm/react@18.2.0/umd/ | 10 KB | 5 KB | Script | application/javascript
3 | GET | H2 | react-dom.production.min.js | cdn.jsdelivr.net/npm/react-dom@18.2.0/umd/ | 129 KB | 43 KB | Script | application/javascript
4 | GET | H2 | 0nkplg2um3t9.min.js | drop-ersderd.vip/assets/2uobj5rxw5g/ | 20 KB | 10 KB | Script | application/javascript
5 | GET | H2 | 1a95ef18rath7dgzn2.css | drop-ersderd.vip/assets/o5707oabp3h/ | 5 KB | 2 KB | Stylesheet | text/css
6 | POST | H3 | / | drop-ersderd.vip/m2rq5lo8a4f/ (Frame 5205…) | 397 B | 642 B | Document | text/html
7 | POST | H3 | / | drop-ersderd.vip/api/getsiteconfig/ | 830 B | 1008 B | Fetch | application/json
8 | GET | H3 | fcff4301rath7dgzn2.woff2 | drop-ersderd.vip/assets/o5707oabp3h/ | 28 KB | 29 KB | Font | font/woff2
9 | GET | H3 | / (Primary Request) | drop-ersderd.vip/3ho/login/ | 635 B | 749 B | Document | text/html
10 | GET | H3 | style.css | drop-ersderd.vip/3ho/login/ | 4 KB | 1 KB | Stylesheet | text/css
11 | GET | H3 | react.production.min.js | cdn.jsdelivr.net/npm/react@18.2.0/umd/ | 10 KB | 5 KB | Script | application/javascript
12 | GET | H3 | react-dom.production.min.js | cdn.jsdelivr.net/npm/react-dom@18.2.0/umd/ | 129 KB | 43 KB | Script | application/javascript
13 | GET | H3 | 9d9ef79c9feb6ef171a9.js | drop-ersderd.vip/3ho/login/js/ | 322 KB | 90 KB | Script | application/javascript
14 | GET | H3 | 8bfd97c7b355d7d70066.js | drop-ersderd.vip/3ho/login/js/ | 123 KB | 33 KB | Script | application/javascript
15 | GET | H3 | 4c5430240626061e5f20.js | drop-ersderd.vip/openid/auth/js/ | 8 KB | 3 KB | Script | application/javascript
16 | GET | H/1.1 | header_menu_hamburger.png | community.akamai.steamstatic.com/public/shared/images/responsive/ | 4 KB | 4 KB | Image | image/png
17 | GET | H/1.1 | header_logo.png | community.akamai.steamstatic.com/public/shared/images/responsive/ | 11 KB | 11 KB | Image | image/png
18 | GET | H/1.1 | logo_steam.svg | community.akamai.steamstatic.com/public/shared/images/header/ | 4 KB | 2 KB | Image | image/svg+xml
19 | GET | H/1.1 | 96fx96f | community.akamai.steamstatic.com/economy/image/-9a81dlWLwJ2UUGcVs_nsVtzdOEdtWwKGZZLQHTxDZ7I56KU0Zwwo4NUX4oFJZEHLbXH5ApeO4YmlhxYQknCRvCo04DEVlxkKgpovbSsLQJf0ebcZThQ6tCvq4OeqPXhJ6_UhG1d8fp9hfvEyoHwjF... | 6 KB | 8 KB | Image | image/png
20 | GET | H2 | join_pc.png | community.cloudflare.steamstatic.com/public/shared/images/login/ | 33 KB | 33 KB | Image | image/png
21 | GET | H/1.1 | footerLogo_valve.png | community.akamai.steamstatic.com/public/images/skin_1/ | 4 KB | 4 KB | Image | image/png
22 | GET | H/1.1 | btn_header_installsteam_download.png | community.akamai.steamstatic.com/public/shared/images/header/ | 291 B | 522 B | Image | image/png
23 | GET | DATA | truncated | / | 61 B | 0 | Image | image/gif
24 | GET | H/1.1 | new_login_bg_strong_mask.jpg | community.akamai.steamstatic.com/public/shared/images/joinsteam/ | 122 KB | 122 KB | Image | image/jpeg
25 | GET | H2 | MotivaSans-Regular.ttf | community.cloudflare.steamstatic.com/public/shared/fonts/ | 120 KB | 120 KB | Font | application/octet-stream
26 | GET | H2 | MotivaSans-Black.ttf | community.cloudflare.steamstatic.com/public/shared/fonts/ | 118 KB | 118 KB | Font | application/octet-stream
27 | GET | H2 | MotivaSans-Medium.ttf | community.cloudflare.steamstatic.com/public/shared/fonts/ | 121 KB | 121 KB | Font | application/octet-stream
28 | POST | H3 | / | drop-ersderd.vip/api/statistic/ | 16 B | 607 B | Fetch | application/json
Row 23 is a data: URI (protocol shown as DATA, nothing transferred), which is why 28 rows are listed for 27 HTTP transactions. Three of the requests are POSTs to the phishing host itself (/m2rq5lo8a4f/ in the second frame, /api/getsiteconfig/ and /api/statistic/); the rest is static content, with the Steam logos, login artwork and Motiva Sans fonts fetched from steamstatic.com and React 18.2.0 from cdn.jsdelivr.net.
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Steam (Gaming)
142 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object (10): React, ReactDOM, webpackChunk, FEQaQMT, k1BS8rs, fPP_e8, CH517Em, N8ZZ77, A14k4k, Mze8BB
function (18): a0z, a0M, a7Y, a7h, a7T, Xs7VJw, azeYl8T, D5zfo3h, IPGFtf, zYnXkIo, z0a2fO8, yAmbRQh, PX7I8S, UjmRWG, _4ZqT6, tu3IKW, H6k8Hsd, ZWvz2V2
boolean (1): page_active
number (2): Ocj1sOH, lixNVn
string (111): FtB17T, b9OQfH4, yQlnLk, RJUsr60, sRhil_L, cck1rr, iWYjpB, FxR0Pb, m9ZAAc, z8NeqwP, SRm7Vq, eGsy2G, gqzlvs8, LcIrn9M, r3dVZf, VnRAyw, ykdBED, PZ5Xodi, I4eGfos, lY36Azy, sdU1eOe, RtcS5X, iWghOJ, BouEnb, tchIhb9, hPZlgVw, CUqxk3, jQJNUY, TG_5XK, fHFVKZ, km5Qsuw, SsUyqR, NmJGCn, JqfNgK, B0lj1Bs, IOeUkP, PhmX__r, EyK33I, oR3dO_X, znY5lP, S9z4Z1p, wSv3nz, jX2G31, zte6Ik, n7UyWk, tBB5ATJ, j24s7XN, WhwSKpp, wSM8Q6, iAD_Eu, Ig43aZc, wgx1FA, NOSQQ4y, vJq1i86, C6zo7Pj, uTe8_d7, wwe2Kei, rW_zg9, TdxvU4, n9qG6ul, IfPZmZ, gWkWfK_, mTtHD56, n79zUJ, BqCwrm, wz63SZ4, exxqf6, jnk3ax, A2_oc9C, B2IZ6uh, MixH5ij, BDaEPoS, Ubi_Iy6, yQEXpoE, b7TgIl, DF87tBy, ly6ZikW, kJoLTQu, iSDLKh, Z97Hx4H, W5IivZh, JHqCTM2, jNJRre, hDgN4Cv, OCEyyR8, y9xfov, q6MImz4, vI6cq8M, r9rTTd, JCVCfy8, mRx8Nu, WRlB30, qjYi2tK, FFz8RA, jPuQFT0, qx0XBPe, cSzMuhF, RmReqKx, kInaMkp, jwCrGkq, A39dwW, EnX4k3D, ourkBom, XaI1SSV, XSiAos, as_C04G, mV9y9V, a10QtBk, lVic3BN, eefnOr, WqtMoDL
Apart from React, ReactDOM, webpackChunk and page_active, the names are short random-looking identifiers rather than anything a library exports, so they identify no framework beyond React; the pattern is consistent with an obfuscated bundle.
Cookies
Cookies are small pieces of data stored in the user's browser. On every later visit the browser sends the cookie values back, which lets the site re-identify the user even from a different location; this is how persistent logins work.
Domain/Path | Expires | Name | Value
---|---|---|---
drop-ersderd.vip/ | | hash | 3ho
drop-ersderd.vip/ | | token | eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJsaW5rX2lkIjozNDE3MjIsImlhdCI6MTcwNTg2NDcyOSwiZXhwIjoxNzA1ODY4MzI5LCJhY3Rpb25zIjpbImxvZ2luX3Zpc2l0Il19.qKYeREDmmttPlNc1QXqDB7AIxuE4iD21qgBS1QqvKJ0
The hash value 3ho is the first path segment of the landing URL (/3ho/login/), and token has the three dot-separated base64url segments of a JWT (the eyJ prefix is the encoding of an opening {").
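A JWT's header and claims are only base64url-encoded JSON, so they can be read without the signing key; only the signature cannot be checked. The script below is an added example written for this page, not urlscan.io's code and not the kit's: TOKEN is the cookie value from the table above, and nothing here verifies that the token is genuine.

```python
"""Read the claims of the `token` cookie without verifying its signature.

Added example for this scan page (not urlscan.io's code, nor the kit's).
TOKEN is the cookie value from the scan; the HMAC key is unknown, so the
signature is only measured, never checked.
"""
import base64
import json
from datetime import datetime, timezone

TOKEN = ("eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9."
         "eyJsaW5rX2lkIjozNDE3MjIsImlhdCI6MTcwNTg2NDcyOSwiZXhwIjoxNzA1ODY4MzI5LCJhY3Rpb25zIjpbImxvZ2luX3Zpc2l0Il19."
         "qKYeREDmmttPlNc1QXqDB7AIxuE4iD21qgBS1QqvKJ0")


def b64url_decode(segment):
    """JWT segments are base64url without '=' padding; restore it before decoding."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def decode_jwt_unverified(token):
    """Return (header, claims, signature_bytes). The signature is NOT verified."""
    header_b64, claims_b64, sig_b64 = token.split(".")
    return (json.loads(b64url_decode(header_b64)),
            json.loads(b64url_decode(claims_b64)),
            b64url_decode(sig_b64))


def token_summary(token):
    """The facts an analyst wants from the token: algorithm, issue time, lifetime, claims."""
    header, claims, signature = decode_jwt_unverified(token)
    issued = datetime.fromtimestamp(claims["iat"], tz=timezone.utc)
    return {
        "alg": header.get("alg"),
        "issued_utc": issued.isoformat(),
        "lifetime_seconds": claims["exp"] - claims["iat"],
        "claims": claims,
        # HS256 yields a 32-byte MAC; another length would contradict the header
        "signature_bytes": len(signature),
    }


if __name__ == "__main__":
    print(json.dumps(token_summary(TOKEN), indent=2))
```

For this token the header says HS256, the claims are {"link_id": 341722, "iat": 1705864729, "exp": 1705868329, "actions": ["login_visit"]}, the issue time is 2024-01-21 19:18:49 UTC (matching the January 21 submission) and the lifetime is exactly one hour. Treat the claims as data the server chose to put in the cookie, not as anything proven: with an unknown key the signature tells you only that it is 32 bytes long.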
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cdn.jsdelivr.net
community.akamai.steamstatic.com
community.cloudflare.steamstatic.com
drop-ersderd.vip
172.64.145.151
193.108.153.29
2606:4700:3034::6815:32c5
2606:4700::6810:5714