steamcommynitiy.com
147.45.47.205  Malicious Activity!

Submitted URL: https://store-steaempowered.com/s/KRQA
Effective URL: https://steamcommynitiy.com/gift-card/937649152
Submission Tags: @phish_report
Submission: On September 15 via api from FI — Scanned from FI

Summary

This website contacted 4 IPs in 2 countries across 3 domains to perform 7 HTTP transactions. The main IP is 147.45.47.205, located in the Russian Federation and belonging to KARINAR, UA. The main domain is steamcommynitiy.com.
TLS certificate: Issued by E6 on September 8th 2024. Valid for: 3 months.
This is the only time steamcommynitiy.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Cloudflare (Online)

Domain & IP information

IP addresses (requests / IP address / AS autonomous system):
  6  172.67.147.152  AS13335 (CLOUDFLAR...)  (2 redirects)
  1  147.45.47.205   AS215789 (KARINAR)
  1  104.96.144.90   AS ()
  Totals: 7 requests, 4 IPs

Domains (requests / domain / requested by):
  6  store-steaempowered.com  (2 redirects)  requested by store-steaempowered.com
  1  steamcommunity.com
  1  steamcommynitiy.com  requested by steamcommynitiy.com
  Totals: 7 requests, 3 domains

This site contains no links.

TLS certificates (subject / issuer / validity / valid for / source):
  store-steaempowered.com  |  WE1  |  2024-09-15 to 2024-12-14  |  3 months  |  crt.sh
  steamcommynitiy.com      |  E6   |  2024-09-08 to 2024-12-07  |  3 months  |  crt.sh
  store.steampowered.com   |  DigiCert SHA2 Extended Validation Server CA  |  2023-12-05 to 2024-12-05  |  a year  |  crt.sh

This page contains 2 frames:

Primary Page: https://steamcommynitiy.com/gift-card/937649152
Frame ID: B56B1B4BFDA13973830FFC4538F774E9
Requests: 6 HTTP requests in this frame

Frame: https://steamcommynitiy.com/74492b05740252505e51404c51024a011051245a0a5405055c070d50
Frame ID: DE67A02296BA695D00E505F2D937A64D
Requests: 1 HTTP requests in this frame

Page Title: Welcome Autumn!

Page URL History

  1. https://store-steaempowered.com/s/KRQA Page URL
  2. https://store-steaempowered.com/cdn-cgi/phish-bypass?atok=WZ05wa.jRNg7OTx.D_dM.G7PFMuqf3IDpAfUnY7D4tU-172642... HTTP 301
    https://store-steaempowered.com/s/KRQA HTTP 302
    https://steamcommynitiy.com/gift-card/937649152 Page URL

Page Statistics

  Requests:    7
  HTTPS:       86 %
  IPv6:        0 %
  Domains:     3
  Subdomains:  3
  IPs:         4
  Countries:   2
  Transfer:    89 kB
  Size:        262 kB
  Cookies:     3

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://store-steaempowered.com/s/KRQA Page URL
  2. https://store-steaempowered.com/cdn-cgi/phish-bypass?atok=WZ05wa.jRNg7OTx.D_dM.G7PFMuqf3IDpAfUnY7D4tU-1726425252-0.0.1.1-%2Fs%2FKRQA HTTP 301
    https://store-steaempowered.com/s/KRQA HTTP 302
    https://steamcommynitiy.com/gift-card/937649152 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

7 HTTP transactions

Columns per transaction: Resource, Path, Size, x-fer (transferred), Type, MIME-Type.

1. KRQA
   Path: store-steaempowered.com/s/
   Size: 4 KB, x-fer: 2 KB, Type: Document

   General
     Full URL: https://store-steaempowered.com/s/KRQA
     Protocol: H3
     Security: QUIC, , AES_128_GCM
     Server: 172.67.147.152, United States, ASN13335 (CLOUDFLARENET, US)
     Reverse DNS:
     Software: cloudflare /
     Resource Hash: a7ad863752a2d9c757c5f9b351e592c8a450e0c79edab0d7aa62479ba84cef8c

   Security Headers
     X-Frame-Options: SAMEORIGIN

   Request headers
     Upgrade-Insecure-Requests: 1
     User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1

   Response headers
     cf-ray: 8c3ab5a41fa09e6d-CDG
     content-encoding: gzip
     content-type: text/html; charset=UTF-8
     date: Sun, 15 Sep 2024 18:34:12 GMT
     nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
     report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2gjANMFjPSPo90zPfZb4tVyVCAmD1x82E65sQRqH4a8BxaOahdhlQOtg7DvbJBOfmnRzdDzt14vOObroFSX50rzVP5PbEeIxUivfmENG0k0WAKhT7QVZixLX4SYWM7cfIQajnz8u2CQ4rQ%3D%3D"}],"group":"cf-nel","max_age":604800}
     server: cloudflare
     vary: Accept-Encoding
     x-frame-options: SAMEORIGIN
2. cf.errors.css
   Path: store-steaempowered.com/cdn-cgi/styles/
   Size: 23 KB, x-fer: 5 KB, Type: Stylesheet

   General
     Full URL: https://store-steaempowered.com/cdn-cgi/styles/cf.errors.css
     Requested by: Host: store-steaempowered.com, URL: https://store-steaempowered.com/s/KRQA
     Protocol: H3
     Security: QUIC, , AES_128_GCM
     Server: 172.67.147.152, United States, ASN13335 (CLOUDFLARENET, US)
     Reverse DNS:
     Software: cloudflare /
     Resource Hash: 84e3c77025ace5af143972b4a40fc834dcdfd4e449d4b36a57e62326f16b3091

   Security Headers
     X-Content-Type-Options: nosniff
     X-Frame-Options: DENY

   Request headers
     Referer: https://store-steaempowered.com/s/KRQA
     User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1

   Response headers
     date: Sun, 15 Sep 2024 18:34:12 GMT
     content-encoding: gzip
     x-content-type-options: nosniff
     last-modified: Tue, 10 Sep 2024 18:11:09 GMT
     server: cloudflare
     etag: W/"66e08bbd-5df3"
     x-frame-options: DENY
     vary: Accept-Encoding
     content-type: text/css
     cache-control: max-age=7200, public
     cf-ray: 8c3ab5a4a8359e6d-CDG
     expires: Sun, 15 Sep 2024 20:34:12 GMT
3. icon-exclamation.png
   Path: store-steaempowered.com/cdn-cgi/images/
   Size: 452 B, x-fer: 634 B, Type: Image

   General
     Full URL: https://store-steaempowered.com/cdn-cgi/images/icon-exclamation.png?1376755637
     Requested by: Host: store-steaempowered.com, URL: https://store-steaempowered.com/cdn-cgi/styles/cf.errors.css
     Protocol: H3
     Security: QUIC, , AES_128_GCM
     Server: 172.67.147.152, United States, ASN13335 (CLOUDFLARENET, US)
     Reverse DNS:
     Software: cloudflare /
     Resource Hash: f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016

   Security Headers
     X-Content-Type-Options: nosniff
     X-Frame-Options: DENY

   Request headers
     Referer: https://store-steaempowered.com/cdn-cgi/styles/cf.errors.css
     User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1

   Response headers
     date: Sun, 15 Sep 2024 18:34:12 GMT
     x-content-type-options: nosniff
     last-modified: Tue, 10 Sep 2024 18:11:09 GMT
     server: cloudflare
     etag: "66e08bbd-1c4"
     x-frame-options: DENY
     vary: Accept-Encoding
     content-type: image/png
     cache-control: max-age=7200, public
     accept-ranges: bytes
     cf-ray: 8c3ab5a538c39e6d-CDG
     content-length: 452
     expires: Sun, 15 Sep 2024 20:34:12 GMT
4. favicon.ico
   Path: store-steaempowered.com/
   Size: 175 KB, x-fer: 36 KB, Type: Other

   General
     Full URL: https://store-steaempowered.com/favicon.ico
     Protocol: H3
     Security: QUIC, , AES_128_GCM
     Server: 172.67.147.152, United States, ASN13335 (CLOUDFLARENET, US)
     Reverse DNS:
     Software: cloudflare /
     Resource Hash: ce83b35dd4d68eb7f78c8d42e96e1090cd9cd214e022c173d663ec5a46c0d83d

   Request headers
     Referer: https://store-steaempowered.com/s/KRQA
     User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1

   Response headers
     date: Sun, 15 Sep 2024 18:34:12 GMT
     content-encoding: br
     cf-cache-status: HIT
     last-modified: Sun, 15 Sep 2024 01:01:44 GMT
     nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
     server: cloudflare
     age: 1529
     etag: W/"2bb11-6221e0004f935"
     vary: Accept-Encoding
     report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LBOcM1nQOJhHXhcGpddrZt9P7j9AsfpdxxB3WvyJAhE399JT%2BwMc%2B6xmx3h9I1r2XAMAMDlmcsvzRP4e4j1e1MlxRinKXGYa0gbCppD7X6DwN4Dmtn%2BIn9ahfPW76mmkIxuFu8bVDeFwAg%3D%3D"}],"group":"cf-nel","max_age":604800}
     content-type: image/vnd.microsoft.icon
     cache-control: max-age=14400
     cf-ray: 8c3ab5a5b93e9e6d-CDG
     alt-svc: h3=":443"; ma=86400
5. Primary Request: 937649152
   Path: steamcommynitiy.com/gift-card/
   Redirect Chain:
     • https://store-steaempowered.com/cdn-cgi/phish-bypass?atok=WZ05wa.jRNg7OTx.D_dM.G7PFMuqf3IDpAfUnY7D4tU-1726425252-0.0.1.1-%2Fs%2FKRQA
     • https://store-steaempowered.com/s/KRQA
     • https://steamcommynitiy.com/gift-card/937649152
   Size: 21 KB, x-fer: 8 KB, Type: Document

   General
     Full URL: https://steamcommynitiy.com/gift-card/937649152
     Protocol: H2
     Security: TLS 1.3, , CHACHA20_POLY1305
     Server: 147.45.47.205, Russian Federation, ASN215789 (KARINAR, UA)
     Reverse DNS:
     Software: Caddy nginx/1.27.1 /
     Resource Hash: 1df320e7753771847e99a7d80f1373a0f3424444f4ee5a482786c6ae04603f32

   Security Headers
     Strict-Transport-Security: max-age=15552000; includeSubDomains
     X-Content-Type-Options: nosniff
     X-Frame-Options: SAMEORIGIN
     X-Xss-Protection: 0

   Request headers
     Referer: https://store-steaempowered.com/
     Upgrade-Insecure-Requests: 1
     User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1

   Response headers
     alt-svc: h3=":443"; ma=2592000
     content-encoding: gzip
     content-type: text/html; charset=utf-8
     cross-origin-opener-policy: same-origin
     cross-origin-resource-policy: same-origin
     date: Sun, 15 Sep 2024 18:34:19 GMT
     etag: W/"5428-vFamyD46CnWOSDtEg+UFrOYpEh8"
     origin-agent-cluster: ?1
     referrer-policy: no-referrer
     server: Caddy nginx/1.27.1
     strict-transport-security: max-age=15552000; includeSubDomains
     vary: Accept-Encoding
     x-content-type-options: nosniff
     x-dns-prefetch-control: off
     x-download-options: noopen
     x-frame-options: SAMEORIGIN
     x-permitted-cross-domain-policies: none
     x-xss-protection: 0

   Redirect headers
     alt-svc: h3=":443"; ma=86400
     cf-cache-status: DYNAMIC
     cf-ray: 8c3ab5c52f449e6d-CDG
     content-type: text/html; charset=UTF-8
     date: Sun, 15 Sep 2024 18:34:17 GMT
     location: https://steamcommynitiy.com/gift-card/937649152
     nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
     report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WGartkbu7Kd8iY6TZMChklwirygbjg2GOUVZrYrY5VfpkHm0qFU6%2BvxUJB4leQjo83g0OQv0DyK6H6ZGLt4qJHi%2BOZA8soBHLsGMpubhS5SACS9XatM0eXtlD1w0IAeOsWpLUs7eS%2Fgctg%3D%3D"}],"group":"cf-nel","max_age":604800}
     server: cloudflare
6. 74492b05740252505e51404c51024a011051245a0a5405055c070d50
   Path: steamcommynitiy.com/ (Frame DE67)
   Size: 0, x-fer: 0 (no response received; see "Failed requests" below)
7. favicon.ico
   Path: steamcommunity.com/
   Size: 38 KB, x-fer: 38 KB, Type: Other

   General
     Full URL: https://steamcommunity.com/favicon.ico
     Protocol: HTTP/1.1
     Security: TLS 1.3, , AES_256_GCM
     Server: 104.96.144.90 -, , ASN ()
     Reverse DNS:
     Software: nginx /
     Resource Hash: 9f890a9debcdfccc339149a7943be9aff9e4c9203c2fa37d5671a5b2c88503ad

   Request headers
     Referer:
     User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1

   Response headers
     Date: Sun, 15 Sep 2024 18:34:23 GMT
     Last-Modified: Tue, 18 Sep 2018 23:32:59 GMT
     Server: nginx
     Content-Type: image/x-icon
     Cache-Control: public,max-age=86400
     Connection: keep-alive
     Content-Length: 38554
     Expires: Fri, 16 Feb 2024 01:39:32 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: steamcommynitiy.com
URL: https://steamcommynitiy.com/74492b05740252505e51404c51024a011051245a0a5405055c070d50

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Cloudflare (Online)

40 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Objects (9): 0, VMEOSp, P90U3TW, v888eN, K7Tg7V_, uYX2KIp, l5v3OS, mHTFChn, token
Functions (22): DLKNSD, pCYpwb0, d9TC98, nsrSVZc, oGS7Ib3, cYNPlq, JjKuht, wDiwS3J, FWmGFXF, GE2KNHG, P9Xj13, HOElJp7, nhddMp, aN0EFII, e1VcRRE, eYFUxco, Bd0VbwX, VmY6X9, h3yZqj, lwT5ms, xp_7KO, eubJtCx
Strings (7): FQqZ9K, _x_Erxr, ryB6ee, xlvxBf, QG7PCL, ZhCiIe, _id4pS
Numbers (2): eo6Lq2, Eqa8vUO

3 Cookies

Domain/Path: .store-steaempowered.com/
  Name:  __cf_mw_byp
  Value: WZ05wa.jRNg7OTx.D_dM.G7PFMuqf3IDpAfUnY7D4tU-1726425252-0.0.1.1-/s/KRQA

Domain/Path: steamcommynitiy.com/
  Name:  session
  Value: eyJhbGciOiJBMTI4S1ciLCJlbmMiOiJBMTI4R0NNIn0.pX8ZXd5DEQ97CFANfLda2b5zxBUkQLPi.SAKuz6dIyUxxzh-v.zsVunY3yjTes4Cd_CIywcwDp_XQo2TAfLa6W7cRBNo6Hp8VBJOJ53aA_9XCNksopzCRrF1pUjz0EN-deyKJ148uWkqbOogiFlRoQ0l1BZrEkFDXHFEwNyWV3mSOV1ziU93Dyi6EzWKqtXYPCe9vu2hahpv_ggL865t_voAK3X26f3qcG-_Z7u8hnlYDfpT-VLFsC3qxdfChvSILTPBQKNBjDlAdB5vn2ckDwrnNN3_m8SdR09m6v9A.cxTehDftUC6TFoc6O8QzaQ

Domain/Path: steamcommynitiy.com/
  Name:  token
  Value: eyJhbGciOiJIUzI1NiJ9.eyJvd25lciI6NzQsInNlY3JldCI6IjAwZWQ5MzE3Nzc0YTJjOGU1Y2JjOWMzMWU2OGI2MjVmIiwic2VydmljZSI6IlN0ZWFtIn0.LQFv1cRWhGYu71O0RLvX21ixF6Ggzyg4lAc2jaIBRIc

Security Headers

This page lists any security headers set by the main page.

X-Frame-Options: SAMEORIGIN