steamcounmunity.com

https://steamcounmunity.com/event/winter

104.21.35.141 · Cloudflare, Inc.

Location

Toronto, Canada

Domain Age

205 days

HTTP

200 · 37.2s

SSL

Valid· WE1, Google Trust Services, US

Status

COMPLETED

Visual Evidence

Zoom

Title: "Добро пожаловать в Steam!"

Save

Take this site down

Report to 50+ vendors instantly

KB/IOK Matches (0)—

No KB/IOK detections were recorded for this scan.

Steam

Credential Phishing

technology | entertainment | ecommerce · 4/5/2026

Summary

This page at steamcounmunity.com impersonates Steam. The page title and visible branding reference Steam, while the domain name is a misspelled imitation containing 'steam' and intent to clone the Steam UI. The SPA-like page loads Steam assets and uses scripts that render a Steam-like interface, suggesting credential collection via dynamic forms loaded by JavaScript. The domain is not the official Steam domain (store.steampowered.com or steampowered.com) and the SSL cert is valid for the impersonating domain, raising strong impersonation risk.

Attack Techniques (5)

Typosquat/brand-imbued domain: steamcounmunity.com containing Steam brandingBrand-imitation via page title and visuals matching SteamSPA-style page that renders credential fields via JavaScript (static HTML shows no form)Loading Steam assets and UI scripts to mimic Steam storefrontIframes present and external scripts loaded to clone Steam UI

Indicators of Compromise (5)

▸Domain: steamcounmunity.com (IOC)

▸Page title: Добро пожаловать в Steam! (Steam branding in Russian)

▸External assets mimicking Steam (steamstatic CDN assets, Valve logo usage in UI)

▸Network requests include loading Steam CSS/JS assets and Valve imagery

▸SSL certificate for steamcounmunity.com (SANs include steamcounmunity.com)

Risk AssessmentUsed in abuse reports

The site is actively impersonating a major brand. The domain ste amcounmunity.com is a deliberate typosquat designed to mimic Steam, with a page title and UI mirroring Steam’s storefront. The SPA approach and heavy use of Steam assets indicate intent to harvest credentials or other sensitive data through a forged login/participation flow. The absence of an actual login form in static HTML does not reduce risk, as the SPA may render credential fields at runtime. The presence of a new-ish SSL cert and the cloudflare hosting, plus WAF-like behavior, suggests evasive techniques to bypass automated scanners. This demands immediate action to block, suspend, and notify registrars and hosting providers.

Recommended Action

Monitor

Cross-Reference8

URL Intelligence