www.validsteamkeys.com Open in urlscan Pro
194.145.208.13 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://www.validsteamkeys.com/?download_link=dTR3SjkzL3Uzc200RTFLZFpBNkRvY1ZCZTNkSjNaa2trd2cyRmtXNitJbWhTTHBvVjNtelBQcTZjY0F6V...
Effective URL:
https://www.validsteamkeys.com/cd-key/lockercode.html
Submission: On September 06 via manual (September 6th 2022, 9:07:30 am UTC) from GB — Scanned from NL

Summary HTTP 17 Redirects Behaviour Indicators

Summary

This website contacted 4 IPs in 2 countries across 3 domains to perform 17 HTTP transactions. The main IP is 194.145.208.13, located in Amsterdam, Netherlands and belongs to KNOWNSRV, NL. The main domain is www.validsteamkeys.com.
TLS certificate: Issued by R3 on July 20th 2022. Valid for: 3 months.

This is the only time www.validsteamkeys.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Scam (Online)

Domain & IP information

	IP Address	AS Autonomous System
1 13	194.145.208.13 194.145.208.13	200514 (KNOWNSRV) (KNOWNSRV)
1 1	2606:4700:303... 2606:4700:3033::ac43:b9ed	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2600:9000:214... 2600:9000:214f:2200:1a:60a5:c0c0:21	16509 (AMAZON-02) (AMAZON-02)
3	2600:9000:206... 2600:9000:206f:3a00:13:652b:c180:21	16509 (AMAZON-02) (AMAZON-02)
17	4

13 194.145.208.13 (Amsterdam, Netherlands) 1 redirects

ASN200514 (KNOWNSRV, NL)

www.validsteamkeys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3033::ac43:b9ed (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

www.newmediafire.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:214f:2200:1a:60a5:c0c0:21 (United States)

ASN16509 (AMAZON-02, US)

d1xkyo9j4r7vnn.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2600:9000:206f:3a00:13:652b:c180:21 (United States)

ASN16509 (AMAZON-02, US)

dgu9g3a2kzqx2.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
13	validsteamkeys.com 1 redirects www.validsteamkeys.com	804 KB
4	cloudfront.net d1xkyo9j4r7vnn.cloudfront.net dgu9g3a2kzqx2.cloudfront.net	48 KB
1	newmediafire.com 1 redirects www.newmediafire.com	528 B
17	3

	Domain	Requested by
13	www.validsteamkeys.com	1 redirects www.validsteamkeys.com
3	dgu9g3a2kzqx2.cloudfront.net	www.newmediafire.com
1	d1xkyo9j4r7vnn.cloudfront.net	www.validsteamkeys.com
1	www.newmediafire.com	1 redirects
17	4

This site contains no links.

Subject Issuer	Validity	Valid
www.cdkeys.get-cracked.com R3	`2022-07-20` - `2022-10-18`	3 months	crt.sh
*.cloudfront.net Amazon	`2022-02-01` - `2023-01-31`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://www.validsteamkeys.com/cd-key/lockercode.html
Frame ID: 0CA7A3B1043EE104D7C02947F1D12EE3
Requests: 17 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

CD Key

Page URL History Show full URLs

https://www.validsteamkeys.com/?download_link=dTR3SjkzL3Uzc200RTFLZFpBNkRvY1ZCZTNkSjNaa2trd2cyRmtXNitJbWhTT... HTTP 302
https://www.validsteamkeys.com/cd-key/loading.html Page URL
https://www.validsteamkeys.com/cd-key/lockercode.html Page URL

Page Statistics

17
Requests

88 %
HTTPS

75 %
IPv6

3
Domains

4
Subdomains

4
IPs

2
Countries

852 kB
Transfer

880 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://www.validsteamkeys.com/?download_link=dTR3SjkzL3Uzc200RTFLZFpBNkRvY1ZCZTNkSjNaa2trd2cyRmtXNitJbWhTTHBvVjNtelBQcTZjY0F6V2RWZ3luZ2gwSFlSdEZMcllDYTRLL3FGWGc9PQ= HTTP 302
https://www.validsteamkeys.com/cd-key/loading.html Page URL
https://www.validsteamkeys.com/cd-key/lockercode.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://www.validsteamkeys.com/?download_link=dTR3SjkzL3Uzc200RTFLZFpBNkRvY1ZCZTNkSjNaa2trd2cyRmtXNitJbWhTTHBvVjNtelBQcTZjY0F6V2RWZ3luZ2gwSFlSdEZMcllDYTRLL3FGWGc9PQ= HTTP 302
https://www.validsteamkeys.com/cd-key/loading.html

Request Chain 7

https://www.newmediafire.com/public/external/locker.js HTTP 301
https://d1xkyo9j4r7vnn.cloudfront.net/public/external/locker.js

17 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	loading.html Show response www.validsteamkeys.com/cd-key/ Redirect Chain https://www.validsteamkeys.com/?download_link=dTR3SjkzL3Uzc200RTFLZFpBNkRvY1ZCZTNkSjNaa2trd2cyRmtXNitJbWhTTHBvVjNtelBQcTZjY0F6V2RWZ3luZ2gwSFlSdEZMcllDYTRLL3FGWGc9PQ= https://www.validsteamkeys.com/cd-key/loading.html	790 B 392 B	26ms 26ms	Document text/html	194.145.208.13 KNOWNSRV
General Check archive.org Show headers Download Go to Full URL https://www.validsteamkeys.com/cd-key/loading.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 194.145.208.13 Amsterdam, Netherlands, ASN200514 (KNOWNSRV, NL), Reverse DNS Software LiteSpeed / Resource Hash `d96cf6cf8bdda5f47de50e9539d3fe775258879285e50d835fe29182e5556584` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36 accept-language nl-NL,nl;q=0.9 Response headers accept-ranges bytes content-encoding br content-length 311 content-type text/html date Tue, 06 Sep 2022 09:07:25 GMT last-modified Tue, 17 Aug 2021 09:50:35 GMT server LiteSpeed vary Accept-Encoding Redirect headers alt-svc h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46" cache-control no-cache, no-store, must-revalidate, max-age=0 content-length 0 content-type text/html; charset=UTF-8 date Tue, 06 Sep 2022 09:07:25 GMT location https://www.validsteamkeys.com/cd-key/loading.html server LiteSpeed x-powered-by PHP/7.4.21 x-redirect-by WordPress
GET H2	200	code.css www.validsteamkeys.com/cd-key/loading-files/	8 KB 2 KB	27ms 26ms	Stylesheet text/css	194.145.208.13 KNOWNSRV
General Check archive.org Show headers Download Go to Full URL https://www.validsteamkeys.com/cd-key/loading-files/code.css Requested by Host: www.validsteamkeys.com URL: https://www.validsteamkeys.com/cd-key/loading.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 194.145.208.13 Amsterdam, Netherlands, ASN200514 (KNOWNSRV, NL), Reverse DNS Software LiteSpeed / Resource Hash `07603a35f24654c2ca2f6d63eaf42905d52dcbcb67d3af72f2c429a397fa48f5` Request headers accept-language nl-NL,nl;q=0.9 Referer https://www.validsteamkeys.com/cd-key/loading.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36 Response headers date Tue, 06 Sep 2022 09:07:25 GMT content-encoding br last-modified Thu, 09 Sep 2021 22:02:33 GMT server LiteSpeed vary Accept-Encoding content-type text/css cache-control public, max-age=604800 accept-ranges bytes content-length 1622 expires Tue, 13 Sep 2022 09:07:25 GMT
GET H2	200	responsive.css www.validsteamkeys.com/cd-key/responsive/css/	10 KB 2 KB	27ms 26ms	Stylesheet text/css	194.145.208.13 KNOWNSRV
General Check archive.org Show headers Download Go to Full URL https://www.validsteamkeys.com/cd-key/responsive/css/responsive.css Requested by Host: www.validsteamkeys.com URL: https://www.validsteamkeys.com/cd-key/loading.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 194.145.208.13 Amsterdam, Netherlands, ASN200514 (KNOWNSRV, NL), Reverse DNS Software LiteSpeed / Resource Hash `8828139e9ec24dcb2c3a51388850c510df51acfd05e1a3d5c2cffdeb60a5abd3` Request headers accept-language nl-NL,nl;q=0.9 Referer https://www.validsteamkeys.com/cd-key/loading.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36 Response headers date Tue, 06 Sep 2022 09:07:25 GMT content-encoding br last-modified Wed, 23 Aug 2017 00:34:34 GMT server LiteSpeed vary Accept-Encoding content-type text/css cache-control public, max-age=604800 accept-ranges bytes content-length 2378 expires Tue, 13 Sep 2022 09:07:25 GMT
GET H2	200	ajax-loader.gif www.validsteamkeys.com/cd-key/loading-files/	3 KB 3 KB	26ms 25ms	Image image/gif	194.145.208.13 KNOWNSRV
General Check archive.org Show headers Download Go to Show image Full URL https://www.validsteamkeys.com/cd-key/loading-files/ajax-loader.gif Requested by Host: www.validsteamkeys.com URL: https://www.validsteamkeys.com/cd-key/loading.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 194.145.208.13 Amsterdam, Netherlands, ASN200514 (KNOWNSRV, NL), Reverse DNS Software LiteSpeed / Resource Hash `914244cefc6978d91d7d848bdccafabdc40acb79383766fd5ee8894cd3066290` Request headers accept-language nl-NL,nl;q=0.9 Referer https://www.validsteamkeys.com/cd-key/loading.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36 Response headers date Tue, 06 Sep 2022 09:07:25 GMT last-modified Wed, 01 Jun 2016 23:19:04 GMT server LiteSpeed content-type image/gif cache-control public, max-age=604800 accept-ranges bytes content-length 2892 expires Tue, 13 Sep 2022 09:07:25 GMT
GET H2	200	background.jpg www.validsteamkeys.com/cd-key/generator-files/	338 KB 339 KB	25ms 25ms	Image image/jpeg	194.145.208.13 KNOWNSRV
General Check archive.org Show headers Download Go to Show image Full URL https://www.validsteamkeys.com/cd-key/generator-files/background.jpg Requested by Host: www.validsteamkeys.com URL: https://www.validsteamkeys.com/cd-key/loading-files/code.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 194.145.208.13 Amsterdam, Netherlands, ASN200514 (KNOWNSRV, NL), Reverse DNS Software LiteSpeed / Resource Hash `9c254b9fbf4bd5e697d60631ae99b9a5399f0bc459bfeeec889b292b010aaa4a` Request headers accept-language nl-NL,nl;q=0.9 Referer https://www.validsteamkeys.com/cd-key/loading-files/code.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36 Response headers date Tue, 06 Sep 2022 09:07:25 GMT last-modified Mon, 16 Aug 2021 22:36:38 GMT server LiteSpeed content-type image/jpeg cache-control public, max-age=604800 accept-ranges bytes content-length 346494 expires Tue, 13 Sep 2022 09:07:25 GMT
GET H2	200	Primary Request lockercode.html Show response www.validsteamkeys.com/cd-key/	3 KB 1 KB	26ms 25ms	Document text/html	194.145.208.13 KNOWNSRV
General Check archive.org Show headers Download Go to Full URL https://www.validsteamkeys.com/cd-key/lockercode.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 194.145.208.13 Amsterdam, Netherlands, ASN200514 (KNOWNSRV, NL), Reverse DNS Software LiteSpeed / Resource Hash `26130ea5ebd00570cbef1b4da08bb74637547948b8632fc74d22354e4ec891cc` Request headers Referer https://www.validsteamkeys.com/cd-key/loading.html Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36 accept-language nl-NL,nl;q=0.9 Response headers accept-ranges bytes content-encoding br content-length 1073 content-type text/html date Tue, 06 Sep 2022 09:07:27 GMT last-modified Wed, 17 Aug 2022 14:29:10 GMT server LiteSpeed vary Accept-Encoding
GET H2	200	code.css www.validsteamkeys.com/cd-key/lockercode_files/	8 KB 2 KB	26ms 25ms	Stylesheet text/css	194.145.208.13 KNOWNSRV
General Check archive.org Show headers Download Go to Full URL https://www.validsteamkeys.com/cd-key/lockercode_files/code.css Requested by Host: www.validsteamkeys.com URL: https://www.validsteamkeys.com/cd-key/lockercode.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 194.145.208.13 Amsterdam, Netherlands, ASN200514 (KNOWNSRV, NL), Reverse DNS Software LiteSpeed / Resource Hash `970c8a79506404a7a1ebad297ed4ff7401216d184cdb5b699b0bdceb831a0fb4` Request headers accept-language nl-NL,nl;q=0.9 Referer https://www.validsteamkeys.com/cd-key/lockercode.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36 Response headers date Tue, 06 Sep 2022 09:07:27 GMT content-encoding br last-modified Thu, 09 Sep 2021 22:00:42 GMT server LiteSpeed vary Accept-Encoding content-type text/css cache-control public, max-age=604800 accept-ranges bytes content-length 1666 expires Tue, 13 Sep 2022 09:07:27 GMT
GET H2	200	responsive.css www.validsteamkeys.com/cd-key/responsive/css/	10 KB 2 KB	26ms 26ms	Stylesheet text/css	194.145.208.13 KNOWNSRV
General Check archive.org Show headers Download Go to Full URL https://www.validsteamkeys.com/cd-key/responsive/css/responsive.css Requested by Host: www.validsteamkeys.com URL: https://www.validsteamkeys.com/cd-key/lockercode.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 194.145.208.13 Amsterdam, Netherlands, ASN200514 (KNOWNSRV, NL), Reverse DNS Software LiteSpeed / Resource Hash `8828139e9ec24dcb2c3a51388850c510df51acfd05e1a3d5c2cffdeb60a5abd3` Request headers accept-language nl-NL,nl;q=0.9 Referer https://www.validsteamkeys.com/cd-key/lockercode.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36 Response headers date Tue, 06 Sep 2022 09:07:27 GMT content-encoding br last-modified Wed, 23 Aug 2017 00:34:34 GMT server LiteSpeed vary Accept-Encoding content-type text/css cache-control public, max-age=604800 accept-ranges bytes content-length 2378 expires Tue, 13 Sep 2022 09:07:27 GMT
GET H2	200	locker.js Show response d1xkyo9j4r7vnn.cloudfront.net/public/external/ Redirect Chain https://www.newmediafire.com/public/external/locker.js https://d1xkyo9j4r7vnn.cloudfront.net/public/external/locker.js	23 KB 23 KB	431ms 344ms	Script application/javascript	2600:9000:214f:2200:1a:60a5:c0c0:21 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://d1xkyo9j4r7vnn.cloudfront.net/public/external/locker.js Requested by Host: www.validsteamkeys.com URL: https://www.validsteamkeys.com/cd-key/lockercode.html Protocol H2 Server 2600:9000:214f:2200:1a:60a5:c0c0:21 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software Apache/2.4.51 () OpenSSL/1.0.2k-fips PHP/7.4.11 / Resource Hash `d71b75f37cbaa198fcac72013ceb2a2fe5b68c89902dbcf4b52ae28812cb9268` Request headers accept-language nl-NL,nl;q=0.9 Referer https://www.validsteamkeys.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36 Response headers date Tue, 06 Sep 2022 09:07:28 GMT via 1.1 78c402b74e65ae12b398b6b957ab229e.cloudfront.net (CloudFront) last-modified Mon, 03 May 2021 01:47:37 GMT server Apache/2.4.51 () OpenSSL/1.0.2k-fips PHP/7.4.11 x-amz-cf-pop FRA53-C1 etag "5b8e-5c163257277fa" x-cache Miss from cloudfront content-type application/javascript accept-ranges bytes content-length 23438 x-amz-cf-id NjLPbGywjoTp1ocoiPBAFArlOK5iq51mc0sp98ESEJtk82glcQqJdg== Redirect headers date Tue, 06 Sep 2022 09:07:28 GMT cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare age 918 vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hQ%2Fj0x%2BhuQe1SJtN6JOVhD5poJKmnO4cQUOSEYYCvGUtiNB2qaf8wpahPCuvDSYisejp%2B8spmZntvWM29sgKB6P6fPUBoHLncXAgODd1zBdyGtrX3ZVIIZRPMm75sZMLvY7oJGcqFz03SWTErArGK%2B8VkA%3D%3D"}],"group":"cf-nel","max_age":604800} content-type text/html; charset=iso-8859-1 location https://d1xkyo9j4r7vnn.cloudfront.net/public/external/locker.js cache-control max-age=14400 cf-ray 74660df54b0db987-AMS alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H2	200	html.1806399.096f5.0.js Show response dgu9g3a2kzqx2.cloudfront.net/public/external/v2/	17 KB 17 KB	426ms 348ms	Script application/javascript	2600:9000:206f:3a00:13:652b:c180:21 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://dgu9g3a2kzqx2.cloudfront.net/public/external/v2/html.1806399.096f5.0.js Requested by Host: www.newmediafire.com URL: https://www.newmediafire.com/public/external/locker.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:206f:3a00:13:652b:c180:21 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software Apache/2.4.51 () OpenSSL/1.0.2k-fips PHP/7.4.11 / PHP/7.4.11 Resource Hash `835c399605fb9a41f21788a0cd51f47104c348102ba61003f1809d429290e116` Request headers accept-language nl-NL,nl;q=0.9 Referer https://www.validsteamkeys.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36 Response headers date Tue, 06 Sep 2022 09:07:29 GMT via 1.1 6def1f0ddc805dce17407cce01d5b32c.cloudfront.net (CloudFront) server Apache/2.4.51 () OpenSSL/1.0.2k-fips PHP/7.4.11 x-amz-cf-pop FRA56-C1 x-powered-by PHP/7.4.11 x-cache Miss from cloudfront content-type application/javascript x-amz-cf-id 86sRHAAyK1EVr4fkjOCF7Ns4aV_5pO4qbSPApFycEVdgqMZC185rNA==
GET H2	200	css_front.css dgu9g3a2kzqx2.cloudfront.net/public/external/	6 KB 7 KB	412ms 335ms	Stylesheet text/css	2600:9000:206f:3a00:13:652b:c180:21 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://dgu9g3a2kzqx2.cloudfront.net/public/external/css_front.css Requested by Host: www.newmediafire.com URL: https://www.newmediafire.com/public/external/locker.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:206f:3a00:13:652b:c180:21 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software Apache/2.4.46 () OpenSSL/1.0.2k-fips PHP/7.4.11 / Resource Hash `a7bd79b6fba60944ee3a9c153108ff0819d2db57850116ac7065a86db08af4ec` Request headers accept-language nl-NL,nl;q=0.9 Referer https://www.validsteamkeys.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36 Response headers date Tue, 06 Sep 2022 09:07:29 GMT via 1.1 6def1f0ddc805dce17407cce01d5b32c.cloudfront.net (CloudFront) last-modified Tue, 23 Jun 2020 20:06:47 GMT server Apache/2.4.46 () OpenSSL/1.0.2k-fips PHP/7.4.11 x-amz-cf-pop FRA56-C1 etag "19c4-5a8c5e62e9d0a" x-cache Miss from cloudfront content-type text/css accept-ranges bytes content-length 6596 x-amz-cf-id y-MZrm1v7na-24bedKasgAkXX_4liKPEK8I9Umb6zOn7riadNi0hNw==
GET H2	200	background.jpg www.validsteamkeys.com/cd-key/generator-files/	338 KB 339 KB	26ms 25ms	Image image/jpeg	194.145.208.13 KNOWNSRV
General Check archive.org Show headers Download Go to Show image Full URL https://www.validsteamkeys.com/cd-key/generator-files/background.jpg Requested by Host: www.validsteamkeys.com URL: https://www.validsteamkeys.com/cd-key/lockercode_files/code.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 194.145.208.13 Amsterdam, Netherlands, ASN200514 (KNOWNSRV, NL), Reverse DNS Software LiteSpeed / Resource Hash `9c254b9fbf4bd5e697d60631ae99b9a5399f0bc459bfeeec889b292b010aaa4a` Request headers accept-language nl-NL,nl;q=0.9 Referer https://www.validsteamkeys.com/cd-key/lockercode_files/code.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36 Response headers date Tue, 06 Sep 2022 09:07:28 GMT last-modified Mon, 16 Aug 2021 22:36:38 GMT server LiteSpeed content-type image/jpeg cache-control public, max-age=604800 accept-ranges bytes content-length 346494 expires Tue, 13 Sep 2022 09:07:28 GMT
GET H2	200	gen.png www.validsteamkeys.com/cd-key/lockercode_files/	22 KB 23 KB	51ms 50ms	Image image/png	194.145.208.13 KNOWNSRV
General Check archive.org Show headers Download Go to Show image Full URL https://www.validsteamkeys.com/cd-key/lockercode_files/gen.png Requested by Host: www.validsteamkeys.com URL: https://www.validsteamkeys.com/cd-key/lockercode_files/code.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 194.145.208.13 Amsterdam, Netherlands, ASN200514 (KNOWNSRV, NL), Reverse DNS Software LiteSpeed / Resource Hash `59fd87d2d37355263b7991b96fc4600afa91f23b28bf9b19cfcc28bf766933c4` Request headers accept-language nl-NL,nl;q=0.9 Referer https://www.validsteamkeys.com/cd-key/lockercode_files/code.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36 Response headers date Tue, 06 Sep 2022 09:07:28 GMT last-modified Tue, 17 Aug 2021 09:50:10 GMT server LiteSpeed content-type image/png cache-control public, max-age=604800 accept-ranges bytes content-length 22974 expires Tue, 13 Sep 2022 09:07:28 GMT
GET H2	404	footer-icons.html www.validsteamkeys.com/cd-key/lockercode_files/	64 KB 64 KB	610ms 609ms	Image text/html	194.145.208.13 KNOWNSRV
General Check archive.org Show headers Download Go to Show image Full URL https://www.validsteamkeys.com/cd-key/lockercode_files/footer-icons.html Requested by Host: www.validsteamkeys.com URL: https://www.validsteamkeys.com/cd-key/lockercode_files/code.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 194.145.208.13 Amsterdam, Netherlands, ASN200514 (KNOWNSRV, NL), Reverse DNS Software LiteSpeed / PHP/7.4.21 Resource Hash `099f058b86dd1e30bc897a49924ad750709d0ef0f051d86a789ed1797d2d18a9` Request headers accept-language nl-NL,nl;q=0.9 Referer https://www.validsteamkeys.com/cd-key/lockercode_files/code.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36 Response headers date Tue, 06 Sep 2022 09:07:28 GMT content-encoding br server LiteSpeed x-powered-by PHP/7.4.21 vary Accept-Encoding content-type text/html; charset=UTF-8 cache-control no-cache, must-revalidate, max-age=0 expires Wed, 11 Jan 1984 05:00:00 GMT
GET H2	200	firasansot-regular-webfont.woff www.validsteamkeys.com/cd-key/fonts/	27 KB 27 KB	50ms 50ms	Font font/woff	194.145.208.13 KNOWNSRV
General Check archive.org Show headers Download Go to Full URL https://www.validsteamkeys.com/cd-key/fonts/firasansot-regular-webfont.woff Requested by Host: www.validsteamkeys.com URL: https://www.validsteamkeys.com/cd-key/lockercode_files/code.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 194.145.208.13 Amsterdam, Netherlands, ASN200514 (KNOWNSRV, NL), Reverse DNS Software LiteSpeed / Resource Hash `cfc9e8abe35471a8fc2fa2cba5937fb79ca48e20c26b074cfd0819705bc5c076` Request headers Referer https://www.validsteamkeys.com/cd-key/lockercode_files/code.css Origin https://www.validsteamkeys.com accept-language nl-NL,nl;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36 Response headers date Tue, 06 Sep 2022 09:07:28 GMT last-modified Wed, 01 Jun 2016 23:19:04 GMT server LiteSpeed content-type font/woff cache-control public, max-age=604800 accept-ranges bytes content-length 28068 expires Tue, 13 Sep 2022 09:07:28 GMT
GET H2	200	css.css dgu9g3a2kzqx2.cloudfront.net/public/clockers/PrimeApps/	1010 B 1 KB	185ms 184ms	Stylesheet text/css	2600:9000:206f:3a00:13:652b:c180:21 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://dgu9g3a2kzqx2.cloudfront.net/public/clockers/PrimeApps/css.css Requested by Host: www.newmediafire.com URL: https://www.newmediafire.com/public/external/locker.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:206f:3a00:13:652b:c180:21 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software Apache/2.4.51 () OpenSSL/1.0.2k-fips PHP/7.4.11 / Resource Hash `a7081a117335212b9e7f2e348f7369a64423d51db1666310b3451e7375f0b7de` Request headers accept-language nl-NL,nl;q=0.9 Referer https://www.validsteamkeys.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36 Response headers date Tue, 06 Sep 2022 09:07:29 GMT via 1.1 6def1f0ddc805dce17407cce01d5b32c.cloudfront.net (CloudFront) last-modified Fri, 10 Apr 2020 22:29:00 GMT server Apache/2.4.51 () OpenSSL/1.0.2k-fips PHP/7.4.11 x-amz-cf-pop FRA56-C1 etag "3f2-5a2f7428ae907" x-cache Miss from cloudfront content-type text/css accept-ranges bytes content-length 1010 x-amz-cf-id g31I0bgtQ01U5-YzGN7is1oZxbTPjjKsXf9GuGacRIXhxFijHLqTPQ==
GET		guid dgu9g3a2kzqx2.cloudfront.net/public/	0 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: dgu9g3a2kzqx2.cloudfront.net
URL: https://dgu9g3a2kzqx2.cloudfront.net/public/guid?cpguid=b6n96nuo7&e=ll&t=1662455249811

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Scam (Online)

27 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			www.validsteamkeys.com/	1970-01-20 06:01:59	Name: _cpguid Value: b6n96nuo7

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://www.validsteamkeys.com/cd-key/lockercode_files/footer-icons.html Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

d1xkyo9j4r7vnn.cloudfront.net
dgu9g3a2kzqx2.cloudfront.net
www.newmediafire.com
www.validsteamkeys.com
dgu9g3a2kzqx2.cloudfront.net
194.145.208.13
2600:9000:206f:3a00:13:652b:c180:21
2600:9000:214f:2200:1a:60a5:c0c0:21
2606:4700:3033::ac43:b9ed
07603a35f24654c2ca2f6d63eaf42905d52dcbcb67d3af72f2c429a397fa48f5
099f058b86dd1e30bc897a49924ad750709d0ef0f051d86a789ed1797d2d18a9
26130ea5ebd00570cbef1b4da08bb74637547948b8632fc74d22354e4ec891cc
59fd87d2d37355263b7991b96fc4600afa91f23b28bf9b19cfcc28bf766933c4
835c399605fb9a41f21788a0cd51f47104c348102ba61003f1809d429290e116
8828139e9ec24dcb2c3a51388850c510df51acfd05e1a3d5c2cffdeb60a5abd3
914244cefc6978d91d7d848bdccafabdc40acb79383766fd5ee8894cd3066290
970c8a79506404a7a1ebad297ed4ff7401216d184cdb5b699b0bdceb831a0fb4
9c254b9fbf4bd5e697d60631ae99b9a5399f0bc459bfeeec889b292b010aaa4a
a7081a117335212b9e7f2e348f7369a64423d51db1666310b3451e7375f0b7de
a7bd79b6fba60944ee3a9c153108ff0819d2db57850116ac7065a86db08af4ec
cfc9e8abe35471a8fc2fa2cba5937fb79ca48e20c26b074cfd0819705bc5c076
d71b75f37cbaa198fcac72013ceb2a2fe5b68c89902dbcf4b52ae28812cb9268
d96cf6cf8bdda5f47de50e9539d3fe775258879285e50d835fe29182e5556584

www.validsteamkeys.com Open in urlscan Pro 194.145.208.13 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

17 Requests

88 %HTTPS

75 %IPv6

3 Domains

4 Subdomains

4 IPs

2 Countries

852 kBTransfer

880 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

17 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

27 JavaScript Global Variables

1 Cookies

1 Console Messages

Indicators

www.validsteamkeys.com Open in urlscan Pro
194.145.208.13 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

17
Requests

88 %
HTTPS

75 %
IPv6

3
Domains

4
Subdomains

4
IPs

2
Countries

852 kB
Transfer

880 kB
Size

1
Cookies

17 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!