Introduction

On October 22, 2024, I received a suspicious link asking me to vote for a player in a fictional ESports league. The link, xxxxxxxxx, initially appeared to be a legitimate voting platform, but upon further investigation, it was discovered to be a phishing scam.

Initial Investigation

Upon visiting the link, I noticed that the website was not very responsive, but it seemed to be a legitimate E-Sports league voting platform. However, I decided to investigate further by examining the source code of the website.

Discovery of Hidden Website

While combing through the source code, I discovered a hidden website located at xxxxxxxx. This website was poorly designed and appeared to be an amateur attempt at creating a legitimate website.

Discovery of Malicious JavaScript File

Further investigation led me to a JavaScript file located at xxxxxxxxxxxx. Upon analyzing this file, I discovered a hidden iframe that was designed to phish user credentials.

Phishing Scam Details

The phishing scam appears to be targeting Steam users, as the hidden iframe is designed to mimic a Steam Community login page. The scam is likely intended to trick users into entering their Steam login credentials, which could be used for malicious purposes.

Assets Used to Create Legitimate Steam Page

The phishing website used the following assets to create a legitimate-looking Steam page:

A fake Steam Community logo
A URL bar that mimics the Steam Community URL format
A password input field that is designed to look like the Steam Community login page
A "Connection is secure" message that is designed to look like the Steam Community security message
A "Site settings" dropdown menu that is designed to look like the Steam Community site settings menu
A "Cookies" message that is designed to look like the Steam Community cookies message
Web Host Information

The web host of the phishing website is Endurance International Group, a company based in 10 Corporate Dr #300, Burlington, MA 01803. I recommend reporting the phishing website to their abuse department to request that the website be taken down.

Recommendations

Report the phishing website to Endurance International Group's abuse department
Report the phishing website to Google's Safe Browsing team
Report the phishing website to Steam's support team
Warn others about the phishing scam to prevent further victimization
Evidence

Screenshots of the phishing website and hidden iframe
Source code of the phishing website and JavaScript file
URLs of the phishing website and hidden iframe
Recommendations for Future Prevention

Be cautious when receiving unsolicited links or emails asking for personal information
Verify the legitimacy of websites and organizations before providing sensitive information
Use strong, unique passwords and enable two-factor authentication whenever possible
Keep software and operating systems up to date with the latest security patches
Abuse Report Information

To report the phishing website to Endurance International Group's abuse department, you can use the following contact information:

Phone: +18017659400
Please provide the following information when reporting the phishing website:

URL of the phishing website: xxxxxxxxxxx
Description of the phishing activity
Screenshots of the phishing website and hidden iframe
Source code of the phishing website and JavaScript file