store.workshopmodscommunity[.]com
Category: Phishing
To use full-featured product, you have to purchase a license for Combo Cleaner. Limited seven days free trial available. Combo Cleaner is owned and operated by RCS LT, the parent company of PCRisk.com.
Quttera Web Malware Removal is a paid subscription service. Pricing, plans, and trial availability are set by Quttera. Quttera is operated by Quttera Ltd, an independent third-party company unrelated to RCS LT. PCRisk.com may earn a referral commission when users sign up through this link.
Description of store.workshopmodscommunity[.]com
The domain store.workshopmodscommunity[.]com appears to host a login page styled to resemble the Steam gaming platform, including branding elements associated with Valve and a "Sign In" prompt. Based on the screenshot and page title, the page seems designed to solicit account credentials rather than provide independent editorial or community content. The subdomain structure and naming do not appear to match the official Steam domain ecosystem.
The site does not present clear information about a legitimate operator, company identity, or service purpose beyond the imitation login interface. Given the visual presentation, it may be attempting to target users of a gaming platform by mimicking a familiar sign-in experience. Based on available data, this appears more consistent with a credential-harvesting or impersonation page than with a genuine gaming community or storefront.
Safety Assessment for store.workshopmodscommunity[.]com
Multiple warning signals were observed at the time of this scan. The URL was flagged by 13 out of 94 security engines, and a malware scan reported suspicious findings in one JavaScript file. The page screenshot shows a login form closely resembling Steam, while the domain itself is not an official Steam-owned domain. That mismatch may indicate a look-alike page intended to capture usernames, passwords, or other account access details.
Additional risk factors include the extremely recent registration date of just 1 day, the lack of established traffic ranking, and the use of a generic subdomain that could be created quickly for short-term abuse. Although some blacklist databases did not list the site at the time of this scan, newly created phishing pages are not always immediately reflected across all data sources.
Based on these findings, this website may pose potential risks to visitors.
Technical Description
The site uses a valid Let's Encrypt TLS certificate and is fronted by Cloudflare infrastructure, with the server resolving to a Cloudflare IP in Canada. The domain uses Cloudflare nameservers, and DNSSEC appears to be unsigned. A valid certificate only indicates encrypted transport and should not be treated as proof of legitimacy.
From a security perspective, the most notable technical concern is the suspicious JavaScript file identified during scanning, combined with the newly registered domain and phishing-style login presentation. The hosting setup may help obscure origin infrastructure, which is common for both legitimate sites and short-lived abusive campaigns.
Share your experience with this website. Was it safe? Did you encounter any issues?