ScamLens
Cached < 6hAnonymous (3/day)

Security Report for node2-py-store.com

ScamLens analyzed node2-py-store.com using 90+ threat intelligence sources and assigned a trust score of 19/100, classifying it as high risk.

Trust Score: 19/100

Risk Level: High Risk

This domain already shows strong risk signals. Stop interacting, preserve the page, chat, phone, and payment evidence, and move into response or reporting immediately.

Site Title
GMX - kostenlose E-Mail, Cloud, Nachrichten & Freemail
Site Description
Kostenlose E-Mail-Adresse erstellen, Nachrichten lesen und Fotos &amp; Dateien in der GMX Cloud sicher speichern. Jetzt registrieren!
de-DE HTTPS ✓
2
Checked 2 times

Quick Answer

This domain already shows strong risk signals. Stop interacting, preserve the page, chat, phone, and payment evidence, and move into response or reporting immediately.

Positive Signals

  • + Google Safe Browsing: Safe
  • + HTTPS encryption supported
  • + Security headers configured (HSTS + CSP)

Concerns

  • - 2 security sources flagged as suspicious
  • - Cross-domain redirect detected

Score Breakdown

Domain Reputation 30
Newly registered
Threat Intelligence 98
15/17 safeSafeBrowsing OK
Technical Security 60
HTTPSHSTSCSPCross-domain redirect
Community Reputation 50
No community data yet

Was this assessment accurate?
0 say Safe0 say Suspicious
What do you think?
What to do next

node2-py-store.com looks like a phishing site

At least one trusted threat-intelligence feed flagged this domain. Treat any credential prompt as hostile.

Confidence:High
  1. Do not enter passwords or card details
    Phishing pages clone legitimate brand UIs to steal credentials. If you already entered them, change those passwords immediately on the real site.
  2. Close the tab and clear browser data for this domain
    This breaks any session cookie the page set and reduces the risk of follow-up phishing prompts.
  3. Report it so others are protected
    One community report can warn thousands of visitors. Use the button below.
Cross-check with independent scanners

Trust but verify — open this domain on unrelated security services and compare the verdict.

VirusTotalurlscan.ioGoogle Safe Browsing
How we decide thisReport this site

AI Risk Assessment

High Risk
Based on 6 sourcesUpdated 9h ago

What matters right now

With a high-risk result, the priority is not reading more pages. It is immediate containment, credential resets, evidence preservation, and the reporting path.

node2-py-store.com presents a high-risk profile due to confirmed brand impersonation 6. The domain closely mimics 'store.steampowered.com' using subdomain spoofing with 0.8 similarity 6, a common phishing technique targeting Steam users. Additionally, 2 of 27 threat feeds flagged the domain: shodan_internetdb reported a vulnerable host, and dns_security blocked it for malware associations 2. While Safe Browsing is currently clean 1 and 25 threat feeds responded clean 3, the combination of brand impersonation and multiple threat feed signals indicates active malicious infrastructure designed to deceive users.

Recommendation

Do not visit or interact with this domain. 6 If you intended to access Steam's store, use only store.steampowered.com directly. Report this domain to Google Safe Browsing and Steam's abuse team. Block this domain at your network/device level if possible 26.

Sources

  1. Google Safe BrowsingThreat intel

    clean

    Verify at source
  2. Threat intelligence feeds (2 flagged)Threat intel

    shodan_internetdb (VULNERABLE_HOST); dns_security (DNS_BLOCKED_MALWARE)

  3. 25/27 threat feeds responded cleanThreat intel
  4. WHOIS registration dataWHOIS

    Registered 2025-11-03T10:41:09Z (232 days ago), registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED

  5. TLD risk classification: .com (low risk)Analysis

    Based on APWG / Spamhaus / Interisle 2024 abuse rankings

  6. Brand impersonation: matches "store.steampowered.com"Analysis

Powered by ScamLens AI· Check sources to verify important claims

Threat-intelligence sources

Checked across 27 sources — 2 flagged this domain

Show source breakdown
  • safe_browsing clean
  • urlhaus clean
  • cloudflare_radar clean
  • cert_transparency clean
  • alienvault_otx warning
  • phishstats clean
  • virustotal clean
  • ipqs clean
  • abuseipdb clean
  • securitytrails clean
  • phishdestroy clean
  • threatfox clean
  • shodan_internetdb flagged
  • phishtank clean
  • urlscan clean
  • rdap clean
  • maltiverse clean
  • dns_security flagged
  • wanted_domains clean
  • darkweb clean
  • hagezi_tif clean
  • openphish clean
  • scam_blocklist clean
  • maltrail clean
  • crypto_scam_feed clean
  • phishing_army clean
  • red_flag_domains clean

ScamLens aggregates real-time signals from 90+ commercial and open-source threat-intelligence providers including Google Safe Browsing, VirusTotal, PhishTank, URLhaus, ThreatFox, Cloudflare Radar, OTX, IPQS, GoPlus, Honeypot.is, and more. A flagged signal is evidence; the absence of flags is not proof of safety. Use the signals below alongside community reports to decide.

Advanced Scan

Comprehensive data lookup across premium sources

$2.99one-time payment
  • Website history verification
  • Detailed WHOIS information
  • Reverse WHOIS association
  • Traffic rank analysis
  • Company registration check
Recommended

AI Deep Investigation

Cross-check the story, claims, and supporting evidence before you decide

$4.99one-time payment
  • Everything in Advanced Scan
  • AI website content analysis
  • AI cross-reference verification
  • Claim authenticity validation
  • Detailed report with evidence
Most Thorough

Comprehensive Investigation

Full-spectrum investigation with company deep search & social intelligence

$14.99one-time payment
  • Everything in Deep Investigation
  • AI company background search
  • Social media intelligence
  • Detailed suspicious point analysis
  • Event timeline & entity connections

This analysis is for informational purposes only and does not constitute a legal determination.

Security Sources

Google Safe Browsing
Safe
Cloudflare Radar
Safe
URLhaus (abuse.ch) Confidence: Medium
Not Listed
Certificate Transparency Confidence: Low
Not Listed
AlienVault OTX Confidence: Medium
Low Concern
PhishStats Confidence: Low
Not Listed
VirusTotal Confidence: Low
Not Listed
IPQualityScore Confidence: Low
Not Listed
AbuseIPDB Confidence: Low
Not Listed
SecurityTrails Confidence: Low
Not Listed
PhishDestroy Confidence: Low
Not Listed
ThreatFox (abuse.ch) Confidence: Low
Not Listed
Shodan InternetDB Confidence: Medium
Unsafe
PhishTank Confidence: Low
Not Listed
URLScan.io Confidence: Medium
Not Listed
RDAP Domain Registration Confidence: Low
Not Listed
Maltiverse Confidence: Low
Not Listed
DNS Security Confidence: High
Unsafe
Law Enforcement Confidence: Low
Not Listed
darkweb Confidence: Low
Not Listed
HaGeZi Threat Intelligence Confidence: Medium
Not Listed
OpenPhish Confidence: Low
Not Listed
Scam Blocklist (Jarelllama) Confidence: Low
Not Listed
Maltrail (stamparm) Confidence: Low
Not Listed
Crypto Scam Feed Confidence: Low
Not Listed
Phishing Army Confidence: Low
Not Listed
Red Flag Domains Confidence: Low
Not Listed

Domain Information

Registrar
NICENIC INTERNATIONAL GROUP CO., LIMITED
Created
November 3, 2025
Expires
November 3, 2026
Domain Age
7 months
DNSSEC
Disabled
Nameservers
KAYDEN.NS.CLOUDFLARE.COM, LIZ.NS.CLOUDFLARE.COM
Domain Status
client delete prohibited client transfer prohibited

SSL/TLS Certificate

No data available

Redirect Chain

1 hop

Cross-domain redirect detected

This domain redirects to a different domain. This is commonly used by phishing sites to evade detection.

node2-py-store.com → gmx.net

1

node2-py-store.com

Status: 301

Final destination

www.gmx.net

Server Information

IP Address
185.92.183.153
Hosting Provider
CGI GLOBAL LIMITED
ASN
AS56971 AS56971 Cloud
Server Location
Helsinki, Finland

Related Intelligence
Technical Details (DNS / Headers / Subdomains)

DNS Records

Email Security

SPF Not Configured DMARC Not Configured
Type Value
A 185.92.183.153
NS kayden.ns.cloudflare.com
NS liz.ns.cloudflare.com

HTTP Security Headers

6/6
Strict-Transport-Security Present

max-age=31536000; includeSubdomains; preload

Content-Security-Policy Present

connect-src gmx.net *.gmx.net *.adition.com *.mam.dev *.netid.de *.server.lan *....

X-Frame-Options Present

DENY

X-Content-Type-Options Present

nosniff

Referrer-Policy Present

strict-origin-when-cross-origin

Permissions-Policy Present

microphone=(), camera=(), geolocation=(), usb=()

Channels / Subdomains

No data available

Community Reports

Log in to report and share your experience

...

Report & Take Down This Website

High-Risk Signals

The risk signals are strong enough. Move on evidence preservation, reporting, and victim response now

This result is no longer just a normal verification case. Moving the chat, phone, payment, and official-reporting path in parallel is usually more important than waiting for more data.

Recommended First

Move into the victim action plan

If you already paid, logged in, or installed tools, use the action plan first to prioritize containment and evidence work.

Move into the website-reporting flow

Move the site, payment evidence, chat trail, and contact points into the formal reporting path.

Add the chat, DM, and payment-pressure trail

Keep the Telegram, WhatsApp, social DM, and payment-pressure trail in the same timeline.

Check the callback number and SMS

If the actor also used calls, SMS, or one-time codes, verify that phone path next.

The results are based on multiple third-party data sources and AI models. False positives or negatives may occur. This report should not be used as the sole basis for any decision. Please verify with additional sources.

If a loss already happened, move into the response flow now

Delay is the main risk with high-risk domains. Prioritize freezes, credential resets, reporting, and evidence preservation now.

Start the response

If no loss happened yet, continue with the website-reporting and official-agency paths next.

Related Security Guides

Learn more about how to protect yourself from this type of threat.

How to Check if a Website Is Safe Phishing Scams Guide

FAQ

Is node2-py-store.com safe to visit?

node2-py-store.com received a trust score of 19/100 from ScamLens, indicating several security concerns. 1 threat intelligence sources flagged this domain. Proceed with extreme caution.

Was node2-py-store.com flagged by any threat databases?

node2-py-store.com was flagged by 1 out of 30+ threat intelligence sources. Specifically flagged by: dns_security. The detected threat categories include: general threat.

How old is node2-py-store.com?

node2-py-store.com was first registered on November 3, 2025, making it approximately 7 months old. While relatively new, the domain has been active for several months.

Does node2-py-store.com use HTTPS and have a valid SSL certificate?

ScamLens could not verify the SSL certificate details for node2-py-store.com during this scan. Treat this as unavailable evidence, not as proof that the site is safe or unsafe.

What security headers does node2-py-store.com implement?

node2-py-store.com is missing important security headers: Content-Security-Policy, X-Frame-Options, X-Content-Type-Options, Strict-Transport-Security, Referrer-Policy, Permissions-Policy. Missing security headers can leave visitors vulnerable to cross-site scripting (XSS) and other web-based attacks.

What does the ScamLens community think about node2-py-store.com?

No community votes or reports have been submitted for node2-py-store.com yet. You can be the first to share your experience.

Where is node2-py-store.com hosted?

node2-py-store.com is hosted by CGI GLOBAL LIMITED in Helsinki, Finland (ASN: ASAS56971 AS56971 Cloud).

What should I do about node2-py-store.com?

Do not visit or interact with this domain. [6] If you intended to access Steam's store, use only store.steampowered.com directly. Report this domain to Google Safe Browsing and Steam's abuse team. Block this domain at your network/device level if possible [2][6].

Is this report useful?

Use this report to tell others to stop interacting now and move straight into containment, evidence preservation, and reporting.

Forward to your parents — they deserve to browse safely too.

About this analysis

This report is generated from real-time data across 90+ threat intelligence sources, combined with AI analysis and community feedback.

Learn about our scoring methodology | Last analyzed: June 23, 2026

All NICENIC INTERNATIONAL GROUP CO., LIMITED domains All CGI GLOBAL LIMITED domains

Other domains registered with NICENIC INTERNATIONAL GROUP CO., LIMITED