Windows
Analysis Report
https://scorpioncasinos.pages.dev/
Overview
General Information
Detection
HTMLPhisher
Score | Range | Whitelisted | Confidence |
---|---|---|---|
72 | 0 - 100 | false | 100% |
Signatures
Antivirus / Scanner detection for submitted sample
Suricata IDS alerts for network traffic
Yara detected BlockedWebSite
Yara detected HtmlPhish64
Detected non-DNS traffic on DNS port
HTML body contains low number of good links
HTML title does not match URL
Uses Javascript AES encryption / decryption (likely to hide suspicious Javascript code)
Classification
- System is w10x64
- chrome.exe (PID: 2924 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- chrome.exe (PID: 1060 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2112 --field-trial-handle=1964,i,12133877414572888158,1356400297463098381,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- chrome.exe (PID: 6372 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://scorpioncasinos.pages.dev/" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- cleanup
⊘No configs have been found
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_BlockedWebSite | Yara detected BlockedWebSite | Joe Security |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_HtmlPhish_64 | Yara detected HtmlPhish_64 | Joe Security | ||
JoeSecurity_BlockedWebSite | Yara detected BlockedWebSite | Joe Security | ||
JoeSecurity_HtmlPhish_64 | Yara detected HtmlPhish_64 | Joe Security | ||
JoeSecurity_HtmlPhish_64 | Yara detected HtmlPhish_64 | Joe Security | ||
JoeSecurity_HtmlPhish_64 | Yara detected HtmlPhish_64 | Joe Security | ||
⊘No Sigma rule has matched
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-10-06T21:25:18.673501+0200 | 2018302 | 1 | A Network Trojan was detected | 188.114.96.3 | 443 | 192.168.2.4 | 49739 | TCP |
2024-10-06T21:25:24.380899+0200 | 2018302 | 1 | A Network Trojan was detected | 188.114.96.3 | 443 | 192.168.2.4 | 49780 | TCP |
2024-10-06T21:25:24.384312+0200 | 2018302 | 1 | A Network Trojan was detected | 188.114.96.3 | 443 | 192.168.2.4 | 49781 | TCP |
2024-10-06T21:25:25.466640+0200 | 2018302 | 1 | A Network Trojan was detected | 188.114.96.3 | 443 | 192.168.2.4 | 49793 | TCP |
2024-10-06T21:25:25.471087+0200 | 2018302 | 1 | A Network Trojan was detected | 188.114.96.3 | 443 | 192.168.2.4 | 49794 | TCP |
2024-10-06T21:25:25.522426+0200 | 2018302 | 1 | A Network Trojan was detected | 188.114.96.3 | 443 | 192.168.2.4 | 49797 | TCP |
2024-10-06T21:25:26.004242+0200 | 2018302 | 1 | A Network Trojan was detected | 188.114.96.3 | 443 | 192.168.2.4 | 49801 | TCP |
2024-10-06T21:25:26.552568+0200 | 2018302 | 1 | A Network Trojan was detected | 188.114.96.3 | 443 | 192.168.2.4 | 49806 | TCP |
2024-10-06T21:25:26.585824+0200 | 2018302 | 1 | A Network Trojan was detected | 188.114.96.3 | 443 | 192.168.2.4 | 49807 | TCP |
2024-10-06T21:25:27.127949+0200 | 2018302 | 1 | A Network Trojan was detected | 188.114.96.3 | 443 | 192.168.2.4 | 49818 | TCP |
2024-10-06T21:25:27.137173+0200 | 2018302 | 1 | A Network Trojan was detected | 188.114.97.3 | 443 | 192.168.2.4 | 49817 | TCP |
2024-10-06T21:25:27.802079+0200 | 2018302 | 1 | A Network Trojan was detected | 188.114.96.3 | 443 | 192.168.2.4 | 49823 | TCP |
2024-10-06T21:25:27.803151+0200 | 2018302 | 1 | A Network Trojan was detected | 188.114.96.3 | 443 | 192.168.2.4 | 49824 | TCP |
2024-10-06T21:25:28.312906+0200 | 2018302 | 1 | A Network Trojan was detected | 188.114.96.3 | 443 | 192.168.2.4 | 49832 | TCP |
2024-10-06T21:25:28.439045+0200 | 2018302 | 1 | A Network Trojan was detected | 188.114.97.3 | 443 | 192.168.2.4 | 49836 | TCP |
2024-10-06T21:25:28.946678+0200 | 2018302 | 1 | A Network Trojan was detected | 188.114.97.3 | 443 | 192.168.2.4 | 49845 | TCP |
2024-10-06T21:25:29.819878+0200 | 2018302 | 1 | A Network Trojan was detected | 188.114.97.3 | 443 | 192.168.2.4 | 49864 | TCP |
2024-10-06T21:25:31.638296+0200 | 2018302 | 1 | A Network Trojan was detected | 188.114.96.3 | 443 | 192.168.2.4 | 49887 | TCP |
2024-10-06T21:25:33.263744+0200 | 2018302 | 1 | A Network Trojan was detected | 188.114.97.3 | 443 | 192.168.2.4 | 49897 | TCP |
2024-10-06T21:25:34.234944+0200 | 2018302 | 1 | A Network Trojan was detected | 188.114.96.3 | 443 | 192.168.2.4 | 49900 | TCP |
2024-10-06T21:25:35.396545+0200 | 2018302 | 1 | A Network Trojan was detected | 188.114.97.3 | 443 | 192.168.2.4 | 49904 | TCP |
2024-10-06T21:25:43.534515+0200 | 2018302 | 1 | A Network Trojan was detected | 188.114.96.3 | 443 | 192.168.2.4 | 49915 | TCP |
2024-10-06T21:25:44.894125+0200 | 2018302 | 1 | A Network Trojan was detected | 188.114.97.3 | 443 | 192.168.2.4 | 49920 | TCP |
2024-10-06T21:25:46.160808+0200 | 2018302 | 1 | A Network Trojan was detected | 188.114.96.3 | 443 | 192.168.2.4 | 49922 | TCP |
2024-10-06T21:25:47.494134+0200 | 2018302 | 1 | A Network Trojan was detected | 188.114.96.3 | 443 | 192.168.2.4 | 49924 | TCP |
2024-10-06T21:25:48.778320+0200 | 2018302 | 1 | A Network Trojan was detected | 188.114.97.3 | 443 | 192.168.2.4 | 49926 | TCP |
2024-10-06T21:25:50.452099+0200 | 2018302 | 1 | A Network Trojan was detected | 188.114.96.3 | 443 | 192.168.2.4 | 49930 | TCP |
2024-10-06T21:25:53.632400+0200 | 2018302 | 1 | A Network Trojan was detected | 188.114.96.3 | 443 | 192.168.2.4 | 49955 | TCP |
2024-10-06T21:25:53.646233+0200 | 2018302 | 1 | A Network Trojan was detected | 188.114.96.3 | 443 | 192.168.2.4 | 49954 | TCP |
2024-10-06T21:25:54.125779+0200 | 2018302 | 1 | A Network Trojan was detected | 188.114.96.3 | 443 | 192.168.2.4 | 49960 | TCP |
2024-10-06T21:25:54.133369+0200 | 2018302 | 1 | A Network Trojan was detected | 188.114.96.3 | 443 | 192.168.2.4 | 49959 | TCP |
2024-10-06T21:25:54.896077+0200 | 2018302 | 1 | A Network Trojan was detected | 188.114.96.3 | 443 | 192.168.2.4 | 49971 | TCP |
2024-10-06T21:25:54.933815+0200 | 2018302 | 1 | A Network Trojan was detected | 188.114.96.3 | 443 | 192.168.2.4 | 49972 | TCP |
2024-10-06T21:25:55.035054+0200 | 2018302 | 1 | A Network Trojan was detected | 188.114.97.3 | 443 | 192.168.2.4 | 49975 | TCP |
2024-10-06T21:25:55.243976+0200 | 2018302 | 1 | A Network Trojan was detected | 188.114.96.3 | 443 | 192.168.2.4 | 49978 | TCP |
2024-10-06T21:25:55.267113+0200 | 2018302 | 1 | A Network Trojan was detected | 188.114.96.3 | 443 | 192.168.2.4 | 49979 | TCP |
2024-10-06T21:25:56.059233+0200 | 2018302 | 1 | A Network Trojan was detected | 188.114.96.3 | 443 | 192.168.2.4 | 49989 | TCP |
2024-10-06T21:25:56.090265+0200 | 2018302 | 1 | A Network Trojan was detected | 188.114.96.3 | 443 | 192.168.2.4 | 49991 | TCP |
2024-10-06T21:25:57.453709+0200 | 2018302 | 1 | A Network Trojan was detected | 188.114.96.3 | 443 | 192.168.2.4 | 50013 | TCP |
2024-10-06T21:25:57.605171+0200 | 2018302 | 1 | A Network Trojan was detected | 188.114.97.3 | 443 | 192.168.2.4 | 50017 | TCP |
2024-10-06T21:25:57.616958+0200 | 2018302 | 1 | A Network Trojan was detected | 188.114.97.3 | 443 | 192.168.2.4 | 50019 | TCP |
2024-10-06T21:25:58.424777+0200 | 2018302 | 1 | A Network Trojan was detected | 188.114.96.3 | 443 | 192.168.2.4 | 50030 | TCP |
2024-10-06T21:25:58.434655+0200 | 2018302 | 1 | A Network Trojan was detected | 188.114.96.3 | 443 | 192.168.2.4 | 50032 | TCP |
2024-10-06T21:25:59.587765+0200 | 2018302 | 1 | A Network Trojan was detected | 188.114.96.3 | 443 | 192.168.2.4 | 50041 | TCP |
2024-10-06T21:26:00.881310+0200 | 2018302 | 1 | A Network Trojan was detected | 188.114.97.3 | 443 | 192.168.2.4 | 50043 | TCP |
AV Detection |
---|
Source: | SlashNext: |
Phishing |
---|
Source: | File source: | ||
Source: | HTTP Parser: | ||
Source: | HTTPS traffic detected: | ||
Networking |
---|
Source: | Suricata IDS: | ||
Source: | TCP traffic: |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | HTTP traffic detected: |