Source: Yara match |
File source: 3.7.pages.csv, type: HTML |
Source: Yara match |
File source: 2.6.pages.csv, type: HTML |
Source: https://xdocusigniusmmxnmmxdicu.smumsmd.ws/6f5c738436d0a4edb215172e0bb1eabf663ac2b03ebe7LOG6f5c738436d0a4edb215172e0bb1eabf663ac2b03ebe8 |
LLM: Score: 9 brands: Microsoft Reasons: The URL 'https://xdocusigniusmmxnmmxdicu.smumsmd.ws/6f5c738436d0a4edb215172e0bb1eabf663ac2b03ebe7LOG6f5c738436d0a4edb215172e0bb1eabf663ac2b03ebe8' is highly suspicious due to its complex and nonsensical structure, which does not resemble any legitimate Microsoft domain. The image mimics a Microsoft login page, which is a common tactic in phishing to deceive users into entering their credentials. The domain name does not match any known Microsoft domain, increasing the likelihood of it being a phishing attempt. |
Source: https://xdocusigniusmmxnmmxdicu.smumsmd.ws/6f5c738436d0a4edb215172e0bb1eabf663ac2b03ebe7LOG6f5c738436d0a4edb215172e0bb1eabf663ac2b03ebe8 |
Matcher: Found strong image similarity, brand: MICROSOFT |
Source: https://xdocusigniusmmxnmmxdicu.smumsmd.ws/6f5c738436d0a4edb215172e0bb1eabf663ac2b03ebe7LOG6f5c738436d0a4edb215172e0bb1eabf663ac2b03ebe8 |
Matcher: Template: microsoft matched |
Source: https://xdocusigniusmmxnmmxdicu.smumsmd.ws/6f5c738436d0a4edb215172e0bb1eabf663ac2b03ebe7LOG6f5c738436d0a4edb215172e0bb1eabf663ac2b03ebe8# |
Matcher: Template: microsoft matched |
Source: https://xdocusigniusmmxnmmxdicu.smumsmd.ws/6f5c738436d0a4edb215172e0bb1eabf663ac2b03ebe7LOG6f5c738436d0a4edb215172e0bb1eabf663ac2b03ebe8 |
HTTP Parser: Number of links: 0 |
Source: https://xdocusigniusmmxnmmxdicu.smumsmd.ws/ |
HTTP Parser: Base64 decoded: https://xdocusigniusmmxnmmxdicu.smumsmd.ws/ |
Source: https://xdocusigniusmmxnmmxdicu.smumsmd.ws/6f5c738436d0a4edb215172e0bb1eabf663ac2b03ebe7LOG6f5c738436d0a4edb215172e0bb1eabf663ac2b03ebe8 |
HTTP Parser: Title: cd7483a42f6e18cdea135ba3ec986664663ac2b03ebcb does not match URL |
Source: https://xdocusigniusmmxnmmxdicu.smumsmd.ws/6f5c738436d0a4edb215172e0bb1eabf663ac2b03ebe7LOG6f5c738436d0a4edb215172e0bb1eabf663ac2b03ebe8 |
HTTP Parser: Invalid link: get a new Microsoft account |
Source: https://xdocusigniusmmxnmmxdicu.smumsmd.ws/ |
HTTP Parser: No favicon |
Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/w3vgi/0x4AAAAAAADnPIDROrmt1Wwj/light/normal |
HTTP Parser: No favicon |
Source: https://xdocusigniusmmxnmmxdicu.smumsmd.ws/6f5c738436d0a4edb215172e0bb1eabf663ac2b03ebe7LOG6f5c738436d0a4edb215172e0bb1eabf663ac2b03ebe8 |
HTTP Parser: No favicon |
Source: https://xdocusigniusmmxnmmxdicu.smumsmd.ws/6f5c738436d0a4edb215172e0bb1eabf663ac2b03ebe7LOG6f5c738436d0a4edb215172e0bb1eabf663ac2b03ebe8 |
HTTP Parser: No <meta name="author".. found |
Source: https://xdocusigniusmmxnmmxdicu.smumsmd.ws/6f5c738436d0a4edb215172e0bb1eabf663ac2b03ebe7LOG6f5c738436d0a4edb215172e0bb1eabf663ac2b03ebe8 |
HTTP Parser: No <meta name="copyright".. found |
Source: unknown |
HTTPS traffic detected: 104.125.88.106:443 -> 192.168.2.5:49716 version: TLS 1.2 |
Source: unknown |
HTTPS traffic detected: 104.125.88.106:443 -> 192.168.2.5:49717 version: TLS 1.2 |
Source: unknown |
HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.5:49735 version: TLS 1.2 |
Source: unknown |
HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.5:49769 version: TLS 1.2 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 23.1.237.91 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 104.125.88.106 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 40.127.169.103 |
Source: unknown |
UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: global traffic |
HTTP traffic detected: GET /s/RBIeC68AD5iQ5EOspXJld?domain=urldefense.proofpoint.com HTTP/1.1Host: url.us.m.mimecastprotect.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |