Windows Analysis Report
http://www.splendidcare.sa.com/Juwqdh/xacwk5957irfeugd/FW2HGOqFbIVQssWaWxsuPFbxoA78Qv8umKJQmKBGMM0/enpkwYwNDdxjXCgjy64rbJkHYw5eTv2C-VSAAV3Fufzkb2cfb573zE5R9OTtHCML20yl9BXVgVz_5eGAS31RGQ

Overview

General Information

Sample URL: http://www.splendidcare.sa.com/Juwqdh/xacwk5957irfeugd/FW2HGOqFbIVQssWaWxsuPFbxoA78Qv8umKJQmKBGMM0/enpkwYwNDdxjXCgjy64rbJkHYw5eTv2C-VSAAV3Fufzkb2cfb573zE5R9OTtHCML20yl9BXVgVz_5eGAS31RGQ
Analysis ID: 1466700
Infos:

Detection

Score: 48
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

AI detected phishing page
HTML body with high number of embedded images detected
HTML page contains hidden URLs or javascript code
Program does not show much activity (idle)

Classification

Phishing
barindex
AI detected phishing page
Source: http://www.splendidcare.sa.com LLM: Score: 8 brands: Reasons: The URL 'http://www.splendidcare.sa.com' is suspicious because it uses a subdomain structure that is often associated with phishing sites. The image shows a 'Human Verification Check' page, which is a common social engineering technique used to mislead users into thinking they need to verify their identity. This type of page is often used to redirect users to malicious sites. The presence of a 'Skip Verification and Enter Website Now' button is another red flag, as it encourages users to bypass the verification process, which can lead to phishing attacks. There is no clear indication of a legitimate brand associated with this site, and the domain does not match any known legitimate domains. Therefore, based on these observations, the site is likely a phishing site. DOM: 0.3.pages.csv
Source: http://www.splendidcare.sa.com LLM: Score: 8 brands: Reasons: The URL 'http://www.splendidcare.sa.com' is suspicious because it uses a subdomain structure that is often associated with phishing sites. The image shows a 'Human Verification Check' page, which is a common social engineering technique used to mislead users into thinking they need to verify their identity. This is often used to redirect users to malicious sites. The presence of a 'Skip Verification and Enter Website Now' button is another red flag, as it encourages users to click on a potentially harmful link. There is no prominent login form or CAPTCHA, but the use of social engineering techniques and the suspicious domain strongly suggest that this is a phishing site. DOM: 0.4.pages.csv
HTML body with high number of embedded images detected
Source: https://gotropislim.com/ HTTP Parser: Total embedded image size: 16168
Source: https://gotropislim.com/#hero HTTP Parser: Total embedded image size: 16168
HTML page contains hidden URLs or javascript code
Source: http://www.splendidcare.sa.com/clicks/bpage/topslim.php?sid=1035569&h=FW2HGOqFbIVQssWaWxsuPFbxoA78Qv8umKJQmKBGMM0/enpkwYwNDdxjXCgjy64rbJkHYw5eTv2C-VSAAV3Fufzkb2cfb573zE5R9OTtHCML20yl9BXVgVz_5eGAS31RGQ HTTP Parser: Base64 decoded: http://www.splendidcare.sa.com/clicks/bpage/topslim.php?sid=1035569&h=FW2HGOqFbIVQssWaWxsuPFbxoA78Qv8umKJQmKBGMM0/enpkwYwNDdxjXCgjy64rbJkHYw5eTv2C-VSAAV3Fufzkb2cfb573zE5R9OTtHCML20yl9BXVgVz_5eGAS31RGQ
Source: http://www.splendidcare.sa.com/clicks/bpage/topslim.php?sid=1035569&h=FW2HGOqFbIVQssWaWxsuPFbxoA78Qv8umKJQmKBGMM0/enpkwYwNDdxjXCgjy64rbJkHYw5eTv2C-VSAAV3Fufzkb2cfb573zE5R9OTtHCML20yl9BXVgVz_5eGAS31RGQ HTTP Parser: No favicon
Source: http://www.splendidcare.sa.com/clicks/bpage/topslim.php?sid=1035569&h=FW2HGOqFbIVQssWaWxsuPFbxoA78Qv8umKJQmKBGMM0/enpkwYwNDdxjXCgjy64rbJkHYw5eTv2C-VSAAV3Fufzkb2cfb573zE5R9OTtHCML20yl9BXVgVz_5eGAS31RGQ HTTP Parser: No favicon
Source: http://www.splendidcare.sa.com/clicks/bpage/topslim.php?sid=1035569&h=FW2HGOqFbIVQssWaWxsuPFbxoA78Qv8umKJQmKBGMM0/enpkwYwNDdxjXCgjy64rbJkHYw5eTv2C-VSAAV3Fufzkb2cfb573zE5R9OTtHCML20yl9BXVgVz_5eGAS31RGQ HTTP Parser: No favicon
Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/uf02t/0x4AAAAAAADnOjc0PNeA8qVm/light/normal HTTP Parser: No favicon
Source: http://www.splendidcare.sa.com/clicks/bpage/topslim.php?sid=1035569&h=FW2HGOqFbIVQssWaWxsuPFbxoA78Qv8umKJQmKBGMM0/enpkwYwNDdxjXCgjy64rbJkHYw5eTv2C-VSAAV3Fufzkb2cfb573zE5R9OTtHCML20yl9BXVgVz_5eGAS31RGQ&__cf_chl_tk=Qo3onJpX2NN9iqTg6AK3IKQV7zteuSapwy7jedCnmwA-1719993703-0.0.1.1-2537 HTTP Parser: No favicon
Source: https://player.vimeo.com/video/864134318?h=e3208bb7c4&background=1&autoplay=1&title=0&byline=0&wmode=transparent&autopause=0 HTTP Parser: No favicon
Source: https://player.vimeo.com/video/864134318?h=e3208bb7c4&background=1&autoplay=1&title=0&byline=0&wmode=transparent&autopause=0 HTTP Parser: No favicon
Source: https://player.vimeo.com/video/864134318?h=e3208bb7c4&background=1&autoplay=1&title=0&byline=0&wmode=transparent&autopause=0 HTTP Parser: No favicon
Source: https://player.vimeo.com/video/864134318?h=e3208bb7c4&background=1&autoplay=1&title=0&byline=0&wmode=transparent&autopause=0 HTTP Parser: No favicon
Source: https://player.vimeo.com/video/864134318?h=e3208bb7c4&background=1&autoplay=1&title=0&byline=0&wmode=transparent&autopause=0 HTTP Parser: No favicon
Source: https://player.vimeo.com/video/864134318?h=e3208bb7c4&background=1&autoplay=1&title=0&byline=0&wmode=transparent&autopause=0 HTTP Parser: No favicon
Source: https://player.vimeo.com/video/864134318?h=e3208bb7c4&background=1&autoplay=1&title=0&byline=0&wmode=transparent&autopause=0 HTTP Parser: No favicon
Source: https://player.vimeo.com/video/864134318?h=e3208bb7c4&background=1&autoplay=1&title=0&byline=0&wmode=transparent&autopause=0 HTTP Parser: No favicon
Source: https://player.vimeo.com/video/864134318?h=e3208bb7c4&background=1&autoplay=1&title=0&byline=0&wmode=transparent&autopause=0 HTTP Parser: No favicon
Source: https://player.vimeo.com/video/864351157?h=75b1f32070&background=1&autoplay=1&title=0&byline=0&wmode=transparent&autopause=0 HTTP Parser: No favicon
Source: https://player.vimeo.com/video/864351157?h=75b1f32070&background=1&autoplay=1&title=0&byline=0&wmode=transparent&autopause=0 HTTP Parser: No favicon
Source: https://player.vimeo.com/video/864351157?h=75b1f32070&background=1&autoplay=1&title=0&byline=0&wmode=transparent&autopause=0 HTTP Parser: No favicon
Source: https://player.vimeo.com/video/864351157?h=75b1f32070&background=1&autoplay=1&title=0&byline=0&wmode=transparent&autopause=0 HTTP Parser: No favicon
Source: https://player.vimeo.com/video/864351157?h=75b1f32070&background=1&autoplay=1&title=0&byline=0&wmode=transparent&autopause=0 HTTP Parser: No favicon
Source: https://player.vimeo.com/video/864351157?h=75b1f32070&background=1&autoplay=1&title=0&byline=0&wmode=transparent&autopause=0 HTTP Parser: No favicon
Source: https://player.vimeo.com/video/864351157?h=75b1f32070&background=1&autoplay=1&title=0&byline=0&wmode=transparent&autopause=0 HTTP Parser: No favicon
Source: https://player.vimeo.com/video/864351157?h=75b1f32070&background=1&autoplay=1&title=0&byline=0&wmode=transparent&autopause=0 HTTP Parser: No favicon
Source: https://player.vimeo.com/video/864351157?h=75b1f32070&background=1&autoplay=1&title=0&byline=0&wmode=transparent&autopause=0 HTTP Parser: No favicon
Source: https://player.vimeo.com/video/864351157?h=75b1f32070&background=1&autoplay=1&title=0&byline=0&wmode=transparent&autopause=0 HTTP Parser: No favicon
Source: https://widget.trustpilot.com/trustboxes/53aa8807dec7e10d38f59f32/index.html?templateId=53aa8807dec7e10d38f59f32&businessunitId=58d40fc70000ff00059f1303#locale=en-US&styleHeight=130px&styleWidth=100%25&theme=light HTTP Parser: No favicon
Source: https://widget.trustpilot.com/trustboxes/53aa8807dec7e10d38f59f32/index.html?templateId=53aa8807dec7e10d38f59f32&businessunitId=58d40fc70000ff00059f1303#locale=en-US&styleHeight=130px&styleWidth=100%25&theme=light HTTP Parser: No favicon
Source: classification engine Classification label: mal48.phis.win@38/0@0/39
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1700,18058039625578469226,10548155103771464637,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2028 /prefetch:8
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://www.splendidcare.sa.com/Juwqdh/xacwk5957irfeugd/FW2HGOqFbIVQssWaWxsuPFbxoA78Qv8umKJQmKBGMM0/enpkwYwNDdxjXCgjy64rbJkHYw5eTv2C-VSAAV3Fufzkb2cfb573zE5R9OTtHCML20yl9BXVgVz_5eGAS31RGQ"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1700,18058039625578469226,10548155103771464637,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=7116 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1700,18058039625578469226,10548155103771464637,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2028 /prefetch:8 Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1700,18058039625578469226,10548155103771464637,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=7116 /prefetch:8 Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: Window Recorder Window detected: More than 3 window changes detected
Program does not show much activity (idle)
Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Program does not show much activity (idle)
Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1466700 URL: http://www.splendidcare.sa.... Startdate: 03/07/2024 Architecture: WINDOWS Score: 48 26 AI detected phishing page 2->26 6 chrome.exe 2->6         started        9 chrome.exe 2->9         started        process3 dnsIp4 16 192.168.11.20 unknown unknown 6->16 18 239.255.255.250 unknown Reserved 6->18 11 chrome.exe 6->11         started        14 chrome.exe 6->14         started        process5 dnsIp6 20 31.25.12.17 TEQGB United Kingdom 11->20 22 31.25.12.21 TEQGB United Kingdom 11->22 24 35 other IPs or domains 11->24
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
34.110.180.34
 unknown United States
15169 GOOGLEUS false
34.107.117.83
 unknown United States
15169 GOOGLEUS false
157.240.249.35
 unknown United States
32934 FACEBOOKUS false
54.230.18.36
 unknown United States
16509 AMAZON-02US false
142.250.111.84
 unknown United States
15169 GOOGLEUS false
142.250.191.238
 unknown United States
15169 GOOGLEUS false
142.251.165.154
 unknown United States
15169 GOOGLEUS false
52.84.18.58
 unknown United States
16509 AMAZON-02US false
31.25.12.21
 unknown United Kingdom
56367 TEQGB false
35.244.212.226
 unknown United States
15169 GOOGLEUS false
142.250.190.66
 unknown United States
15169 GOOGLEUS false
172.67.154.9
 unknown United States
13335 CLOUDFLARENETUS false
54.225.7.157
 unknown United States
14618 AMAZON-AESUS false
35.190.80.1
 unknown United States
15169 GOOGLEUS false
162.247.243.39
 unknown United States
13335 CLOUDFLARENETUS false
31.25.12.17
 unknown United Kingdom
56367 TEQGB false
104.17.24.14
 unknown United States
13335 CLOUDFLARENETUS false
142.250.190.35
 unknown United States
15169 GOOGLEUS false
142.250.191.227
 unknown United States
15169 GOOGLEUS false
34.120.202.204
 unknown United States
15169 GOOGLEUS false
151.101.192.217
 unknown United States
54113 FASTLYUS false
216.239.32.181
 unknown United States
15169 GOOGLEUS false
157.240.249.8
 unknown United States
32934 FACEBOOKUS false
146.75.82.109
 unknown Sweden
30051 SCCGOVUS false
23.33.29.89
 unknown United States
13367 COMCAST-13367US false
23.33.29.83
 unknown United States
13367 COMCAST-13367US false
239.255.255.250
 unknown Reserved
unknown unknown false
104.21.44.135
 unknown United States
13335 CLOUDFLARENETUS false
31.25.12.51
 unknown United Kingdom
56367 TEQGB false
162.159.128.61
 unknown United States
13335 CLOUDFLARENETUS false
162.247.243.29
 unknown United States
13335 CLOUDFLARENETUS false
142.250.190.106
 unknown United States
15169 GOOGLEUS false
52.85.247.89
 unknown United States
16509 AMAZON-02US false
104.17.2.184
 unknown United States
13335 CLOUDFLARENETUS false
172.217.2.40
 unknown United States
15169 GOOGLEUS false
142.250.191.164
 unknown United States
15169 GOOGLEUS false
172.217.4.206
 unknown United States
15169 GOOGLEUS false
142.250.191.163
 unknown United States
15169 GOOGLEUS false

Private

IP
192.168.11.20

Contacted URLs

Name Malicious Antivirus Detection Reputation
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/uf02t/0x4AAAAAAADnOjc0PNeA8qVm/light/normal false
    		unknown
    https://gotropislim.com/#hero false
      		unknown
      https://widget.trustpilot.com/trustboxes/53aa8807dec7e10d38f59f32/index.html?templateId=53aa8807dec7e10d38f59f32&businessunitId=58d40fc70000ff00059f1303#locale=en-US&styleHeight=130px&styleWidth=100%25&theme=light false
        		unknown
        http://www.splendidcare.sa.com/clicks/bpage/topslim.php?sid=1035569&h=FW2HGOqFbIVQssWaWxsuPFbxoA78Qv8umKJQmKBGMM0/enpkwYwNDdxjXCgjy64rbJkHYw5eTv2C-VSAAV3Fufzkb2cfb573zE5R9OTtHCML20yl9BXVgVz_5eGAS31RGQ true
          		unknown
          https://player.vimeo.com/video/864351157?h=75b1f32070&background=1&autoplay=1&title=0&byline=0&wmode=transparent&autopause=0 false
            		unknown
            https://app.campaignrefinery.com/unsubscribe?c=5b3fb967-1467-4f75-a434-25b537201ad8&b=54d49514-f843-4e2e-94e5-8be2d989695e&f=3d8d1c90-1d43-4590-8dd4-f4a952d057cc false
              		unknown
              https://www.digistore24.com/ false
                		unknown
                https://gotropislim.com/ false
                  		unknown
                  https://player.vimeo.com/video/864134318?h=e3208bb7c4&background=1&autoplay=1&title=0&byline=0&wmode=transparent&autopause=0 false
                    		unknown
                    http://www.splendidcare.sa.com/clicks/bpage/topslim.php?sid=1035569&h=FW2HGOqFbIVQssWaWxsuPFbxoA78Qv8umKJQmKBGMM0/enpkwYwNDdxjXCgjy64rbJkHYw5eTv2C-VSAAV3Fufzkb2cfb573zE5R9OTtHCML20yl9BXVgVz_5eGAS31RGQ&__cf_chl_tk=Qo3onJpX2NN9iqTg6AK3IKQV7zteuSapwy7jedCnmwA-1719993703-0.0.1.1-2537 true
                      		unknown