Overview

overview

6

Static

static

1

URLScan

urlscan

1

https://steamcommuni...

windows10-2004-x64

6

Sharing

Copy URL
Twitter E-mail

General

  • Target

    https://steamcommunity.com/openid/loginform/?goto=%2Fopenid%2Flogin%3Fopenid.ns%3Dhttp%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%26openid.mode%3Dcheckid_setup%26openid.return_to%3Dhttps%3A%2F%2Ftheforeverwinter.replit.app%2F%2Fsteam%2Fcallback%3Fstate%3Dbe6927a5-af47-41cc-a118-77119b59ae68%26openid.realm%3Dhttps%3A%2F%2Ftheforeverwinter.replit.app%2F%26openid.identity%3Dhttp%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select%26openid.claimed_id%3Dhttp%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select%26state%3Dbe6927a5-af47-41cc-a118-77119b59ae68%3Fopenid.ns%3Dhttp%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%26openid.mode%3Dcheckid_setup%26openid.return_to%3Dhttps%3A%2F%2Ftheforeverwinter.replit.app%2F%2Fsteam%2Fcallback%3Fstate%3Dbe6927a5-af47-41cc-a118-77119b59ae68%26openid.realm%3Dhttps%3A%2F%2Ftheforeverwinter.replit.app%2F%26openid.identity%3Dhttp%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select%26openid.claimed_id%3Dhttp%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select

  • Sample

    241031-cp9d2awka1

Score
6/10
steamdiscoverymotwphishing

Malware Config

Targets

    • Target

      https://steamcommunity.com/openid/loginform/?goto=%2Fopenid%2Flogin%3Fopenid.ns%3Dhttp%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%26openid.mode%3Dcheckid_setup%26openid.return_to%3Dhttps%3A%2F%2Ftheforeverwinter.replit.app%2F%2Fsteam%2Fcallback%3Fstate%3Dbe6927a5-af47-41cc-a118-77119b59ae68%26openid.realm%3Dhttps%3A%2F%2Ftheforeverwinter.replit.app%2F%26openid.identity%3Dhttp%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select%26openid.claimed_id%3Dhttp%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select%26state%3Dbe6927a5-af47-41cc-a118-77119b59ae68%3Fopenid.ns%3Dhttp%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%26openid.mode%3Dcheckid_setup%26openid.return_to%3Dhttps%3A%2F%2Ftheforeverwinter.replit.app%2F%2Fsteam%2Fcallback%3Fstate%3Dbe6927a5-af47-41cc-a118-77119b59ae68%26openid.realm%3Dhttps%3A%2F%2Ftheforeverwinter.replit.app%2F%26openid.identity%3Dhttp%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select%26openid.claimed_id%3Dhttp%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select

    Score
    6/10
    steamdiscoverymotwphishing

    • Mark of the Web detected: This indicates that the page was originally saved or cloned.

      phishingmotw

    • Detected potential entity reuse from brand STEAM.

      phishingsteam
    behavioral1

MITRE ATT&CK Enterprise v15

Tasks