Source: https://url.us.m.mimecastprotect.com/s/NqNQClYX45S1PxGimFEoZ?domain=urldefense.proofpoint.com | SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social Engineering |
Source: Yara match | File source: 2.6.pages.csv, type: HTML |
Source: Yara match | File source: 3.7.pages.csv, type: HTML |
Source: https://xdocusigniusmmxx.smumsmd.ws/44d3ca3eda584b5611e1610a38471977663a78022f152LOG44d3ca3eda584b5611e1610a38471977663a78022f153 | LLM: Score: 9 brands: Microsoft Reasons: The URL 'https://xdocusigniusmmxx.smumsmd.ws/44d3ca3eda584b5611e1610a38471977663a78022f152LOG44d3ca3eda584b5611e1610a38471977663a78022f153' is highly suspicious due to its complex and non-standard structure, which does not resemble Microsoft's legitimate domain. The image mimics a Microsoft login page, which is a common tactic in phishing to deceive users into providing sensitive information. The domain name does not match Microsoft's official domain, indicating a high likelihood of phishing. |
Source: https://xdocusigniusmmxx.smumsmd.ws/44d3ca3eda584b5611e1610a38471977663a78022f152LOG44d3ca3eda584b5611e1610a38471977663a78022f153 | Matcher: Found strong image similarity, brand: MICROSOFT |
Source: https://xdocusigniusmmxx.smumsmd.ws/44d3ca3eda584b5611e1610a38471977663a78022f152LOG44d3ca3eda584b5611e1610a38471977663a78022f153 | Matcher: Template: microsoft matched |
Source: https://xdocusigniusmmxx.smumsmd.ws/44d3ca3eda584b5611e1610a38471977663a78022f152LOG44d3ca3eda584b5611e1610a38471977663a78022f153# | Matcher: Template: microsoft matched |
Source: https://xdocusigniusmmxx.smumsmd.ws/44d3ca3eda584b5611e1610a38471977663a78022f152LOG44d3ca3eda584b5611e1610a38471977663a78022f153 | HTTP Parser: Number of links: 0 |
Source: https://xdocusigniusmmxx.smumsmd.ws/ | HTTP Parser: Base64 decoded: https://xdocusigniusmmxx.smumsmd.ws/ |
Source: https://xdocusigniusmmxx.smumsmd.ws/44d3ca3eda584b5611e1610a38471977663a78022f152LOG44d3ca3eda584b5611e1610a38471977663a78022f153 | HTTP Parser: Title: 9acf646143953d89964fd759edbe72f5663a78022f12c does not match URL |
Source: https://xdocusigniusmmxx.smumsmd.ws/44d3ca3eda584b5611e1610a38471977663a78022f152LOG44d3ca3eda584b5611e1610a38471977663a78022f153 | HTTP Parser: Invalid link: get a new Microsoft account |
Source: https://xdocusigniusmmxx.smumsmd.ws/ | HTTP Parser: No favicon |
Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/huen0/0x4AAAAAAADnPIDROrmt1Wwj/light/normal | HTTP Parser: No favicon |
Source: https://xdocusigniusmmxx.smumsmd.ws/44d3ca3eda584b5611e1610a38471977663a78022f152LOG44d3ca3eda584b5611e1610a38471977663a78022f153 | HTTP Parser: No favicon |
Source: https://xdocusigniusmmxx.smumsmd.ws/44d3ca3eda584b5611e1610a38471977663a78022f152LOG44d3ca3eda584b5611e1610a38471977663a78022f153 | HTTP Parser: No <meta name="author".. found |
Source: https://xdocusigniusmmxx.smumsmd.ws/44d3ca3eda584b5611e1610a38471977663a78022f152LOG44d3ca3eda584b5611e1610a38471977663a78022f153 | HTTP Parser: No <meta name="copyright".. found |
Source: unknown | HTTPS traffic detected: 104.98.116.138:443 -> 192.168.2.7:49749 version: TLS 1.0 |
Source: unknown | HTTPS traffic detected: 104.118.8.139:443 -> 192.168.2.7:49717 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 104.118.8.139:443 -> 192.168.2.7:49718 version: TLS 1.2 |
Source: global traffic | HTTP traffic detected: GET /s/NqNQClYX45S1PxGimFEoZ?domain=urldefense.proofpoint.com HTTP/1.1
Host: url.us.m.mimecastprotect.com
Connection: keep-alive
sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9 |