Source: Yara match |
File source: 2.6.pages.csv, type: HTML |
Source: Yara match |
File source: 3.7.pages.csv, type: HTML |
Source: https://xdocusigniusmmxnmmxdicu.smumsmd.ws/6f5c738436d0a4edb215172e0bb1eabf663ac355746f6LOG6f5c738436d0a4edb215172e0bb1eabf663ac355746f7 |
LLM: Score: 9 brands: Microsoft Reasons: The URL 'https://xdocusigniusmmxnmmxdicu.smumsmd.ws/6f5c738436d0a4edb215172e0bb1eabf663ac355746f6LOG6f5c738436d0a4edb215172e0bb1eabf663ac355746f7' is highly suspicious due to its complex and nonsensical structure, which does not resemble a legitimate Microsoft domain. The image mimics a Microsoft login page, which is a common tactic in phishing to deceive users into providing sensitive information. The domain name does not match any known Microsoft domain, further indicating a phishing attempt. |
Source: https://xdocusigniusmmxnmmxdicu.smumsmd.ws/6f5c738436d0a4edb215172e0bb1eabf663ac355746f6LOG6f5c738436d0a4edb215172e0bb1eabf663ac355746f7 |
Matcher: Found strong image similarity, brand: MICROSOFT |
Source: https://xdocusigniusmmxnmmxdicu.smumsmd.ws/6f5c738436d0a4edb215172e0bb1eabf663ac355746f6LOG6f5c738436d0a4edb215172e0bb1eabf663ac355746f7 |
Matcher: Template: microsoft matched |
Source: https://xdocusigniusmmxnmmxdicu.smumsmd.ws/6f5c738436d0a4edb215172e0bb1eabf663ac355746f6LOG6f5c738436d0a4edb215172e0bb1eabf663ac355746f7# |
Matcher: Template: microsoft matched |
Source: https://xdocusigniusmmxnmmxdicu.smumsmd.ws/6f5c738436d0a4edb215172e0bb1eabf663ac355746f6LOG6f5c738436d0a4edb215172e0bb1eabf663ac355746f7 |
HTTP Parser: Number of links: 0 |
Source: https://xdocusigniusmmxnmmxdicu.smumsmd.ws/ |
HTTP Parser: Base64 decoded: https://xdocusigniusmmxnmmxdicu.smumsmd.ws/ |
Source: https://xdocusigniusmmxnmmxdicu.smumsmd.ws/6f5c738436d0a4edb215172e0bb1eabf663ac355746f6LOG6f5c738436d0a4edb215172e0bb1eabf663ac355746f7 |
HTTP Parser: Title: 33a2f57e7fb1df9ff96217c7ca973f94663ac355746da does not match URL |
Source: https://xdocusigniusmmxnmmxdicu.smumsmd.ws/6f5c738436d0a4edb215172e0bb1eabf663ac355746f6LOG6f5c738436d0a4edb215172e0bb1eabf663ac355746f7 |
HTTP Parser: Invalid link: get a new Microsoft account |
Source: https://xdocusigniusmmxnmmxdicu.smumsmd.ws/ |
HTTP Parser: No favicon |
Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/oz2za/0x4AAAAAAADnPIDROrmt1Wwj/light/normal |
HTTP Parser: No favicon |
Source: https://xdocusigniusmmxnmmxdicu.smumsmd.ws/6f5c738436d0a4edb215172e0bb1eabf663ac355746f6LOG6f5c738436d0a4edb215172e0bb1eabf663ac355746f7 |
HTTP Parser: No favicon |
Source: https://xdocusigniusmmxnmmxdicu.smumsmd.ws/6f5c738436d0a4edb215172e0bb1eabf663ac355746f6LOG6f5c738436d0a4edb215172e0bb1eabf663ac355746f7 |
HTTP Parser: No <meta name="author".. found |
Source: https://xdocusigniusmmxnmmxdicu.smumsmd.ws/6f5c738436d0a4edb215172e0bb1eabf663ac355746f6LOG6f5c738436d0a4edb215172e0bb1eabf663ac355746f7 |
HTTP Parser: No <meta name="copyright".. found |
Source: unknown |
HTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:49726 version: TLS 1.0 |
Source: unknown |
HTTPS traffic detected: 23.198.162.10:443 -> 192.168.2.5:49714 version: TLS 1.2 |
Source: unknown |
HTTPS traffic detected: 23.198.162.10:443 -> 192.168.2.5:49715 version: TLS 1.2 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 23.1.237.91 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 23.198.162.10 |
Source: unknown |
UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: global traffic |
HTTP traffic detected: GET /s/LOTCCXD9yEtpw99u6JYxu?domain=urldefense.proofpoint.com HTTP/1.1Host: url.us.m.mimecastprotect.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
Source: global traffic |
HTTP traffic detected: GET /r/BUS351laoVh7OhcLTI_PJnDTH02QsKE7gashTsMEl-lWLDiS1dboRBNST10JnVcFDpmopEgFks2adz8ILL_tIlnzCPoZ-RXG4LhdbnQgOwG0ySmniBYXxjZP8OQ45qGA6B29BkKB4JGQHCkKG-Z43uoJAZZYvHF6ORVEcMwvCmJuzAMkKV9lmoPYz_waJioS1GP1hkpT4xlcFC3R6yYFk0iguNcaRJuY0kwYTqW1L0SjvfjXjPw8P39rKX6xWVVe12OuleSqnlUKlLNlAG_xht46MeylJowzOHCXc49SBYiPH0jASub_NM9CO0DVdMYGXbcODV-SB3Xp22zxBvNce_sNDaS5CkI-69QxgTda0UdKdPU7B8eFkLcSb3SKP_F03XSYj0GtExQv3aflB8vG_s1bdOs6zSdQe-msA8VeSIPYJwRNSKugCVNalEWQHGFGuOGu4PwdPsnD40c1_0UzuhExgm2157r8tS-XHoQD6Hh2KQqYG5POeh6Jq0Mv9FsD0i_tcz-cfpsbpHXqJ1vk26jJh2u3tp9GonA8NenAndrflFUUCm-CdTWV26KhmLHY6iLuKQtD3IIbjwvTaHtZSj3ux8N6-ziU3sNyUZXLOjRUpO3nj3ScUZ1z2d73C7KfVYXqeCANJYPfAPghrdf2GqyaXhNX8thCwQJa59P-_2lBMCIkvWkz1uLzC6YpzOy1UkJWzIeOlrPli6IfmHL7QiQctpLcCCMEAqvVtxwHX7daTV4TC-mMQi2COAhfxt-goff-HXRzR2BDI8OsnxSUtAVgmMR7evuSq2Ga1ar5d-CkSlxYPFhw0azHRhkfaSfAhkd38N6vseuAOrFFZWk7qDQIBEhupY_HlXSjk75-TAlm76kNLRXbJLuhTYqALoTSaxhbjvzYcQ1wUP_SM2K7u6kN-hxW4QzWhpIy525-o9rVYqLrHvDAeianj7ebQuC87O6em7Fr38OfZL1USPWW4b4EsBOXZ5AyxrJKP9Q9uBNGRG5PIU23AGtyEbopLBxuzbZVRL8EiCdYfMtQQYRn9VD-13xTPIuLykcO-flK-2XpeFCZHeZKgLMPkYhrf8Zv0yEILTisHiQfL9FQDR8CJeKbMNI0LTy8dMKmGQ9veZoaWII4nIgHRcXgyAsfwyDtQKWsqnLAHcIDoWvWXMIlbAJiWp3fO1fUYgfBQIa4lQ9osT8GKRdNtPwoNsKWG2pyqw7XRatpiSiPpQKhqoaWctQHzJVwC4Us_8MoaMgt1_Hnpc9G-Vy5iJjAtMBJxC6xFkmvhWecM8poYXjcpEH7CPRA3O8aBFLwdcBiMrYQPZU0lrwrkZbO1wx4cEhNol_rG1NMZfH5iB7fC9U_LxszF7Bkv7n32Kx4c4IDDH4559QyQNXA2CMfZc668QMuRAJgE6qITrrv6uwdJfXhwyO0irqpi_J6ZapYYoMjfy0mLdt9SuAdN-I3LIc8OtwPMWW3slz9EyMdmIGa9KGXmXUWJsCAbMfrpL2ZBPAlIw76sWjGexBv2OqHx9dU_TQ4b_VgE6OpXez074uYA5ONAES0ehi9TqvDflBEuyK7ECEImzT5h6gNfGY4clS9No8VibEUdqD2hZe3MRXGGEjXlFF-tMM6DOYVvnQYcjDPVCJvZXxD2pMDF5IWNi2FgMjw4uYtL4MiUiGs7ssRZ6Dy84KhV2-8GAkyHnMEQ03alA3M0X4O6qxG9zgl508PTxEtPdi_z5RMHyyA_MB-qcBEMe1q5HMYRvDXbiLhtF4FWvB3F_PV0mg2ODcJn-LGaynEAxKQa5cutW_mgoJKWbINEZhGnJSP9JkFVa5VMK6NMEzEEfNPXJEpeI-s6xA-Voer5ultHzLG_PS2L03fFS0pP2FvbvecMGf8tkiw_skJyCSF6yWK9qTnSpSOpAk7r9lnZY96 HTTP/1.1Host: 
url.us.m.mimecastprotect.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec |