Source: http://nlbizsolutions.com/dsswey4464/update?email=backoffice@sampension.dk | Avira URL Cloud: detection malicious, Label: phishing |
Source: http://nlbizsolutions.com/dsswey4464/update?email=backoffice@sampension.dk | SlashNext: detection malicious, Label: Fake Login Page type: Phishing & Social Engineering |
Source: http://nlbizsolutions.com/dsswey4464/update?email=backoffice@sampension.dk | UrlScan: detection malicious, Label: phishing brand: generic generic email |
Source: http://nlbizsolutions.com/dsswey4464/update/hchgukzwr4viyk41vpqmzxrf.php?client_id=64B141FA6256F0D6EFFCA3F5785DF04D&response_mode=form_post&response_type=code+id_token&scope=openid+profile&email=backoffice@sampension.dk&Connect_Authentication_Properties&&nonce=50086702864b141fa6256f0d6effca3f5785df04d&redirect_uri=&ui_locales=en-US&mkt=en-US | SlashNext: Label: Fake Login Page type: Phishing & Social Engineering |
Source: http://nlbizsolutions.com/dsswey4464/update/login_files/img/middle.png | Avira URL Cloud: Label: phishing |
Source: http://nlbizsolutions.com/dsswey4464/update/?email=backoffice | Avira URL Cloud: Label: phishing |
Source: http://nlbizsolutions.com/dsswey4464/update/login_files/logo.png | Avira URL Cloud: Label: phishing |
Source: http://nlbizsolutions.com/dsswey4464/update/login_files/loginDialog.js | Avira URL Cloud: Label: phishing |
Source: http://nlbizsolutions.com/dsswey4464/update/login_files/generatedDefaults.js | Avira URL Cloud: Label: phishing |
Source: http://nlbizsolutions.com/dsswey4464/update/login_files/is | Avira URL Cloud: Label: phishing |
Source: http://nlbizsolutions.com/dsswey4464/update/login_files/loginBasic.css | Avira URL Cloud: Label: phishing |
Source: http://nlbizsolutions.com/dsswey4464/update/login_files/bottom.png | Avira URL Cloud: Label: phishing |
Source: http://nlbizsolutions.com/dsswey4464/update/hchgukzwr4viyk41vpqmzxrf.php?client_id=64B141FA6256F0D6E | Avira URL Cloud: Label: phishing |
Source: http://nlbizsolutions.com/dsswey4464/update/?email=backoffice@sampension.dk | Avira URL Cloud: Label: phishing |
Source: http://nlbizsolutions.com/dsswey4464/update/login_files/top.png | Avira URL Cloud: Label: phishing |
Source: http://nlbizsolutions.com/dsswey4464/update/login_files/img/background.png | Avira URL Cloud: Label: phishing |
Source: http://nlbizsolutions.com/dsswey4464/update/login_files/loginAdvanced.css | Avira URL Cloud: Label: phishing |
Source: Yara match | File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\hchgukzwr4viyk41vpqmzxrf[1].htm, type: DROPPED |
Source: http://nlbizsolutions.com/dsswey4464/update/hchgukzwr4viyk41vpqmzxrf.php?client_id=64B141FA6256F0D6EFFCA3F5785DF04D&response_mode=form_post&response_type=code+id_token&scope=openid+profile&email=backoffice@sampension.dk&Connect_Authentication_Properties&&nonce=50086702864b141fa6256f0d6effca3f5785df04d&redirect_uri=&ui_locales=en-US&mkt=en-US | HTTP Parser: Number of links: 0 |
Source: http://nlbizsolutions.com/dsswey4464/update/hchgukzwr4viyk41vpqmzxrf.php?client_id=64B141FA6256F0D6EFFCA3F5785DF04D&response_mode=form_post&response_type=code+id_token&scope=openid+profile&email=backoffice@sampension.dk&Connect_Authentication_Properties&&nonce=50086702864b141fa6256f0d6effca3f5785df04d&redirect_uri=&ui_locales=en-US&mkt=en-US | HTTP Parser: Title: Sampension | Sign-in does not match URL |
Source: http://nlbizsolutions.com/dsswey4464/update/hchgukzwr4viyk41vpqmzxrf.php?client_id=64B141FA6256F0D6EFFCA3F5785DF04D&response_mode=form_post&response_type=code+id_token&scope=openid+profile&email=backoffice@sampension.dk&Connect_Authentication_Properties&&nonce=50086702864b141fa6256f0d6effca3f5785df04d&redirect_uri=&ui_locales=en-US&mkt=en-US | HTTP Parser: Has password / email / username input fields |
Source: http://nlbizsolutions.com/dsswey4464/update/hchgukzwr4viyk41vpqmzxrf.php?client_id=64B141FA6256F0D6EFFCA3F5785DF04D&response_mode=form_post&response_type=code+id_token&scope=openid+profile&email=backoffice@sampension.dk&Connect_Authentication_Properties&&nonce=50086702864b141fa6256f0d6effca3f5785df04d&redirect_uri=&ui_locales=en-US&mkt=en-US | HTTP Parser: Form action: mail.php |
Source: http://nlbizsolutions.com/dsswey4464/update?email=backoffice@sampension.dk | Sample URL: PII: backoffice@sampension.dk |
Source: http://nlbizsolutions.com/dsswey4464/update/hchgukzwr4viyk41vpqmzxrf.php?client_id=64B141FA6256F0D6EFFCA3F5785DF04D&response_mode=form_post&response_type=code+id_token&scope=openid+profile&email=backoffice@sampension.dk&Connect_Authentication_Properties&&nonce=50086702864b141fa6256f0d6effca3f5785df04d&redirect_uri=&ui_locales=en-US&mkt=en-US | HTTP Parser: No <meta name="author".. found |
Source: http://nlbizsolutions.com/dsswey4464/update/hchgukzwr4viyk41vpqmzxrf.php?client_id=64B141FA6256F0D6EFFCA3F5785DF04D&response_mode=form_post&response_type=code+id_token&scope=openid+profile&email=backoffice@sampension.dk&Connect_Authentication_Properties&&nonce=50086702864b141fa6256f0d6effca3f5785df04d&redirect_uri=&ui_locales=en-US&mkt=en-US | HTTP Parser: No <meta name="copyright".. found |
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe | File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll |
Source: unknown | HTTPS traffic detected: 13.32.25.98:443 -> 192.168.2.4:49737 version: TLS 1.2 |
Source: global traffic | HTTP traffic detected: HTTP/1.1 200 OK; Date: Thu, 08 Apr 2021 10:04:14 GMT; Server: nginx/1.19.5; Content-Type: text/html; charset=UTF-8; Content-Length: 1456; Vary: Accept-Encoding; Content-Encoding: gzip; X-Server-Cache: false |