Got hit with an obvious scam message on steam this morning and thought why not inspect the site. Hopped in a kali VM and opened the site. Looks almost legit but seemed like an AITM or possible XSS. I'm still new to pen testing and bug bounty so it's times like these where I wish I had a mentor of some sorts. I did find a domain in redirection process that was on one blacklist according to MX Toolbox. Just thought I'd share this little journey with y'all.