lp.nevada777.com
2a06:98c1:3121::3  Malicious Activity!

Submitted URL: http://download.nevada777.com/Affiliate/remote/AidDownload.asp?casinoID=1222&gAID=89157&subGid=0&bannerID=0&trackingid=rxqpdon...
Effective URL: https://lp.nevada777.com/landingpages/600-bonus-usa.php?trackingid=89157_rxqpdonhxnwheywdgtp&DID=2020197&downloadid=20201...
Submission Tags: @phish_report
Submission: On October 22 via api from FI — Scanned from FI

Summary

This website contacted 1 IPs in 2 countries across 1 domains to perform 2 HTTP transactions. The main IP is 2a06:98c1:3121::3, located in United States and belongs to CLOUDFLARENET, US. The main domain is lp.nevada777.com.
TLS certificate: Issued by E1 on September 23rd 2023. Valid for: 3 months.
This is the only time lp.nevada777.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Community Verdicts: Malicious (2 votes)

Domain & IP information

IP Address / AS (Autonomous System)
  • 190.4.88.54: AS16973 (T-Four Se...)
  • 2a06:98c1:312...: AS13335 (CLOUDFLAR...)

Apex Domain / Subdomains / Transfer
  • nevada777.com: download.nevada777.com, lp.nevada777.com, nevada777.com (426 KB)

Domain / Requested by
  • download.nevada777.com: 2 redirects
  • nevada777.com: lp.nevada777.com
  • lp.nevada777.com

This site contains links to these domains:

  • download.nevada777.com

TLS certificate
  Subject: nevada777.com
  Issuer: E1
  Validity: 2023-09-23 to 2023-12-22 (3 months)

This page contains 1 frames:

Primary Page: https://lp.nevada777.com/landingpages/600-bonus-usa.php?trackingid=89157_rxqpdonhxnwheywdgtp&DID=2020197&downloadid=2020197&affid=118&CASINONAME=mccnevada&RTGURL=https%3A%2F%2Fwww%2Ecdnfile%2Eeu%2Fdl%2FTrackSetup%2FTrackSetup%2Easpx%3FDID%3D2020197%26downloadid%3D2020197%26affid%3D118%26CASINONAME%3Dmccnevada&redirect=https://lp.nevada777.com/landingpages/600-bonus-usa.php?trackingid=89157_rxqpdonhxnwheywdgtp&trackingID=rxqpdonhxnwheywdgtp
Frame ID: 2AD74883781C092872A3FABAF9F78071
Requests: 2 HTTP requests in this frame

Page Title

Up to $20000 | Nevada777

Detected technologies

  • Detected pattern /wp-(?:content|includes)/ (overall confidence: 100%)
  • Detected pattern \.php(?:$|\?) (overall confidence: 100%)

Page Statistics

  • Requests: 2
  • HTTPS: 100 %
  • IPv6: 50 %
  • Domains: 1
  • Subdomains: 3
  • IPs: 1
  • Countries: 2
  • Transfer: 425 kB
  • Size: 427 kB
  • Cookies: 6

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://download.nevada777.com/Affiliate/remote/AidDownload.asp?casinoID=1222&gAID=89157&subGid=0&bannerID=0&trackingid=rxqpdonhxnwheywdgtp&redirect=http%3A%2F%2Fdownload.nevada777.com%2Fsmartdownloadcasino.asp%3Fredirect=https%3A%2F%2Flp.nevada777.com%2Flandingpages%2F600-bonus-usa.php%3Ftrackingid%3D89157_rxqpdonhxnwheywdgtp&afp=743171338&afp1=823080 HTTP 302
    http://download.nevada777.com/smartdownloadcasino.asp?redirect=https://lp.nevada777.com/landingpages/600-bonus-usa.php?trackingid=89157_rxqpdonhxnwheywdgtp&trackingID=rxqpdonhxnwheywdgtp HTTP 302
    https://lp.nevada777.com/landingpages/600-bonus-usa.php?trackingid=89157_rxqpdonhxnwheywdgtp&DID=2020197&downloadid=2020197&affid=118&CASINONAME=mccnevada&RTGURL=https%3A%2F%2Fwww%2Ecdnfile%2Eeu%2Fdl%2FTrackSetup%2FTrackSetup%2Easpx%3FDID%3D2020197%26downloadid%3D2020197%26affid%3D118%26CASINONAME%3Dmccnevada&redirect=https://lp.nevada777.com/landingpages/600-bonus-usa.php?trackingid=89157_rxqpdonhxnwheywdgtp&trackingID=rxqpdonhxnwheywdgtp Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

2 HTTP transactions

Primary Request: 600-bonus-usa.php
Path: lp.nevada777.com/landingpages/
Redirect Chain
  • http://download.nevada777.com/Affiliate/remote/AidDownload.asp?casinoID=1222&gAID=89157&subGid=0&bannerID=0&trackingid=rxqpdonhxnwheywdgtp&redirect=http%3A%2F%2Fdownload.nevada777.com%2Fsmartdownlo...
  • http://download.nevada777.com/smartdownloadcasino.asp?redirect=https://lp.nevada777.com/landingpages/600-bonus-usa.php?trackingid=89157_rxqpdonhxnwheywdgtp&trackingID=rxqpdonhxnwheywdgtp
  • https://lp.nevada777.com/landingpages/600-bonus-usa.php?trackingid=89157_rxqpdonhxnwheywdgtp&DID=2020197&downloadid=2020197&affid=118&CASINONAME=mccnevada&RTGURL=https%3A%2F%2Fwww%2Ecdnfile%2Eeu%2F...
Size: 5 KB
x-fer: 2 KB
Type: Document

General
  Full URL: https://lp.nevada777.com/landingpages/600-bonus-usa.php?trackingid=89157_rxqpdonhxnwheywdgtp&DID=2020197&downloadid=2020197&affid=118&CASINONAME=mccnevada&RTGURL=https%3A%2F%2Fwww%2Ecdnfile%2Eeu%2Fdl%2FTrackSetup%2FTrackSetup%2Easpx%3FDID%3D2020197%26downloadid%3D2020197%26affid%3D118%26CASINONAME%3Dmccnevada&redirect=https://lp.nevada777.com/landingpages/600-bonus-usa.php?trackingid=89157_rxqpdonhxnwheywdgtp&trackingID=rxqpdonhxnwheywdgtp
  Protocol: H2
  Security: TLS 1.3, AES_128_GCM
  Server: 2a06:98c1:3121::3, United States, ASN13335 (CLOUDFLARENET, US)
  Reverse DNS:
  Software: cloudflare / PHP/7.4.28
  Resource Hash: aadeb08939e5b1025d6f5691328513abfc33cf1f3e6fccd018c4844b6a909d6b

Request headers
  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
  accept-language: fi-FI,fi;q=0.9

Response headers
  alt-svc: h3=":443"; ma=86400
  cf-cache-status: DYNAMIC
  cf-ray: 819e1aea0eb4d995-HEL
  content-encoding: br
  content-type: text/html; charset=UTF-8
  date: Sun, 22 Oct 2023 01:53:10 GMT
  nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
  report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7lX2GmTz5csK4gUFLi5%2F9cX7LU%2B6pBQzlm%2BvDJfoeuPn3zrsRkJA1YLkMXtAS3j293yRaDApPbkH9LghiS7ixdPzcR%2BHbMs3MtwFaksMR0AblWEsF0icEpf9RzNXH%2Ft9KiXEyQs7c%2BkheRaJ5Rf7"}],"group":"cf-nel","max_age":604800}
  server: cloudflare
  vary: Accept-Encoding
  x-powered-by: PHP/7.4.28

Redirect headers
  Cache-Control: private
  Content-Length: 592
  Content-Type: text/html
  Date: Sun, 22 Oct 2023 01:53:09 GMT
  Location: https://lp.nevada777.com/landingpages/600-bonus-usa.php?trackingid=89157_rxqpdonhxnwheywdgtp&DID=2020197&downloadid=2020197&affid=118&CASINONAME=mccnevada&RTGURL=https%3A%2F%2Fwww%2Ecdnfile%2Eeu%2Fdl%2FTrackSetup%2FTrackSetup%2Easpx%3FDID%3D2020197%26downloadid%3D2020197%26affid%3D118%26CASINONAME%3Dmccnevada&redirect=https://lp.nevada777.com/landingpages/600-bonus-usa.php?trackingid=89157_rxqpdonhxnwheywdgtp&trackingID=rxqpdonhxnwheywdgtp
  Server: Microsoft-IIS/10.0
  X-Powered-By: ASP.NET
Resource: nevada-lp-usd-20-desktop.webp
Path: nevada777.com/wp-content/uploads/2023/07/
Size: 422 KB
x-fer: 423 KB
Type: Image

General
  Full URL: https://nevada777.com/wp-content/uploads/2023/07/nevada-lp-usd-20-desktop.webp
  Requested by
    Host: lp.nevada777.com
    URL: https://lp.nevada777.com/landingpages/600-bonus-usa.php?trackingid=89157_rxqpdonhxnwheywdgtp&DID=2020197&downloadid=2020197&affid=118&CASINONAME=mccnevada&RTGURL=https%3A%2F%2Fwww%2Ecdnfile%2Eeu%2Fdl%2FTrackSetup%2FTrackSetup%2Easpx%3FDID%3D2020197%26downloadid%3D2020197%26affid%3D118%26CASINONAME%3Dmccnevada&redirect=https://lp.nevada777.com/landingpages/600-bonus-usa.php?trackingid=89157_rxqpdonhxnwheywdgtp&trackingID=rxqpdonhxnwheywdgtp
  Protocol: H2
  Security: TLS 1.3, AES_128_GCM
  Server: 2a06:98c1:3121::3, United States, ASN13335 (CLOUDFLARENET, US)
  Reverse DNS:
  Software: cloudflare /
  Resource Hash: 7f4bc83ce2f20dfd6abb7a875303e88b1952d49fb6d0a7958c2c4be0b3bbd56e

Request headers
  accept-language: fi-FI,fi;q=0.9
  Referer: https://lp.nevada777.com/
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers
  date: Sun, 22 Oct 2023 01:53:11 GMT
  cf-cache-status: MISS
  last-modified: Fri, 28 Jul 2023 08:58:15 GMT
  nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
  server: cloudflare
  etag: "69834"
  vary: Accept-Encoding
  report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WzYmdNeGmJF1JJjECo2kkRKoXYuGBfSFTR1VM2co4yVPdqw%2FMRCiBuT834Ey4yoete6nVvvkGxx3otyf9Q4Ozq5oICsnaD9OpzarMEAiBc9SeCeSRqMz9Clpu0j26WXDxFot4mAIZiPH0CS3"}],"group":"cf-nel","max_age":604800}
  cache-control: public, max-age=86400
  accept-ranges: bytes
  cf-ray: 819e1aebb9d6d995-HEL
  alt-svc: h3=":443"; ma=86400
  content-length: 432180

Verdicts & Comments

Malicious page.url
Submitted on October 22nd 2023, 1:55:57 am UTC — From United States

Threats: Malware Unwanted Software Potentially Harmful Application
Comment: RUSSIAN SPYWARE: https://go.aff.nevada777.com/tapqdic8?afp=743171338&afp1=823080 sent by RUSSIAN MALNET using harvested emails and MALICIOUS websites: https://jomaliff.live https://www.greywish.com https://go.aff.nevada777.com http://download.nevada777.com https://derewo.lviv.ua http://derewo.lviv.ua https://coin-bas-e-2fa.com https://tatalina.foundation https://1tatalina.foundation https://www.parakolo.com https://offer.kingarner.com https://blackfreeday.store https://jump.trakmylink.com


Malicious page.url
Submitted on October 22nd 2023, 1:54:06 am UTC — From United States

Threats: Malware Unwanted Software Potentially Harmful Application
Comment: RUSSIAN SPYWARE: http://download.nevada777.com/Affiliate/remote/AidDownload.asp?casinoID=1222&gAID=89157&subGid=0&bannerID=0&trackingid=rxqpdonhxnwheywdgtp&redirect=http%3A%2F%2Fdownload.nevada777.com%2Fsmartdownloadcasino.asp%3Fredirect=https%3A%2F%2Flp.nevada777.com%2Flandingpages%2F600-bonus-usa.php%3Ftrackingid%3D89157_rxqpdonhxnwheywdgtp&afp=743171338&afp1=823080 sent by RUSSIAN MALNET using harvested emails and MALICIOUS websites: https://jomaliff.live https://www.greywish.com

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

6 Cookies

Domain/Path: Name = Value
  • download.nevada777.com/: trackingid = rxqpdonhxnwheywdgtp
  • download.nevada777.com/: bannerID = 0
  • download.nevada777.com/: subGid = 0
  • download.nevada777.com/: gAID = 89157
  • download.nevada777.com/: casinoID = 1222
  • download.nevada777.com/: ASPSESSIONIDAQDDRCTC = GNMDIIMBNIFDCLCAMBOAJEEE

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
