Windows Analysis Report
https://1drv.ms/b/c/76a2f2769a0f2d92/EVBBlcPr69hPlwB4teIJkR8BhOEwtE3haDg1sSdukRfZrw?e=geYoLr

Overview

General Information

Sample URL: https://1drv.ms/b/c/76a2f2769a0f2d92/EVBBlcPr69hPlwB4teIJkR8BhOEwtE3haDg1sSdukRfZrw?e=geYoLr
Analysis ID: 1467837

Detection

HTMLPhisher
Score: 72
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

AI detected phishing page
Phishing site detected (based on favicon image match)
Yara detected HtmlPhish54
Phishing site detected (based on image similarity)
Phishing site or detected (based on various text indicators)
Drops files with a non-matching file extension (content does not match file extension)
Found iframes
HTML body contains low number of good links
HTML body contains password input but no form action
HTML page contains hidden URLs or javascript code
HTML page contains obfuscate script src
HTML title does not match URL
Stores files to the Windows start menu directory

Classification

Phishing
barindex
AI detected phishing page
Source: https://weblinkdsafedoc.shop LLM: Score: 9 brands: Microsoft Reasons: The URL 'https://weblinkdsafedoc.shop' is highly suspicious and does not match the legitimate domain for Microsoft Outlook, which is 'outlook.com'. The page prominently displays a login form, which is a common tactic used in phishing attacks to harvest user credentials. The domain name uses a .shop TLD, which is unusual for a service like Outlook. Additionally, the URL contains random characters ('weblinkdsafedoc'), which is another common characteristic of phishing sites. There are no captchas present, and the site uses social engineering techniques by mimicking the legitimate Outlook login page to deceive users. DOM: 7.12.pages.csv
Phishing site detected (based on favicon image match)
Source: https://weblinkdsafedoc.shop/?0qo4nd0fw=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9ZGM1MDViNzItY2I4MC1kYzdjLWQwZjEtYTI0MTAxMmEzMGI4JnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODU1NzE4NTM5OTU4NjQzNi44YmE3YzAxZS1jNGNlLTRkM2QtYjVkYS01ZTI4ZDU5M2NlN2Qmc3RhdGU9RGN0QkZvQWdDQUJSck5keFNBMFJQSTRLNjVaZFB4Wl9kcE1BNEF4SFNDVUMwa21acFNyVEdLeTlVYjkxVGRtbE91NjJIWnVSNFdLYnlQNm84YUR0WWluZUs3X2Z6RDg=&sso_reload=true Matcher: Template: microsoft matched with high similarity
Yara detected HtmlPhish54
Source: Yara match File source: 6.9.pages.csv, type: HTML
Source: Yara match File source: 7.10.pages.csv, type: HTML
Source: Yara match File source: 6.9.pages.csv, type: HTML
Source: Yara match File source: 7.10.pages.csv, type: HTML
Source: Yara match File source: 7.12.pages.csv, type: HTML
Source: Yara match File source: 6.9.pages.csv, type: HTML
Source: Yara match File source: 7.10.pages.csv, type: HTML
Source: Yara match File source: 7.12.pages.csv, type: HTML
Source: Yara match File source: 6.9.pages.csv, type: HTML
Source: Yara match File source: 7.10.pages.csv, type: HTML
Source: Yara match File source: 7.12.pages.csv, type: HTML
Phishing site detected (based on image similarity)
Source: https://weblinkdsafedoc.shop/?0qo4nd0fw=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9ZGM1MDViNzItY2I4MC1kYzdjLWQwZjEtYTI0MTAxMmEzMGI4JnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODU1NzE4NTM5OTU4NjQzNi44YmE3YzAxZS1jNGNlLTRkM2QtYjVkYS01ZTI4ZDU5M2NlN2Qmc3RhdGU9RGN0QkZvQWdDQUJSck5keFNBMFJQSTRLNjVaZFB4Wl9kcE1BNEF4SFNDVUMwa21acFNyVEdLeTlVYjkxVGRtbE91NjJIWnVSNFdLYnlQNm84YUR0WWluZUs3X2Z6RDg=&sso_reload=true Matcher: Found strong image similarity, brand: MICROSOFT
Phishing site or detected (based on various text indicators)
Source: Chrome DOM: 4.5 OCR Text: Kinetic Construction Quotation Request.pdf 1 KINETIC TOGETHER BUILDING BETTER Joshua Bliss shared a folder with you oate aeated: 07/04/2024 10:30 AM You have received 2 documents for your review. This message was sent to you to protect sensitive information. Ref: "Review Proposal" from "Kinetic Construction". "Click To View and Print Online" Size12.3 MB. Expiry107/12/2024 Sign in Office 365 to Review Encrypted Document Shared with You. iVarning: To Sign-in with sent Ta
Found iframes
Source: https://weblinkdsafedoc.shop/?0qo4nd0fw=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9ZGM1MDViNzItY2I4MC1kYzdjLWQwZjEtYTI0MTAxMmEzMGI4JnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODU1NzE4NTM5OTU4NjQzNi44YmE3YzAxZS1jNGNlLTRkM2QtYjVkYS01ZTI4ZDU5M2NlN2Qmc3RhdGU9RGN0QkZvQWdDQUJSck5keFNBMFJQSTRLNjVaZFB4Wl9kcE1BNEF4SFNDVUMwa21acFNyVEdLeTlVYjkxVGRtbE91NjJIWnVSNFdLYnlQNm84YUR0WWluZUs3X2Z6RDg=&sso_reload=true HTTP Parser: Iframe src: https://outlook.office365.com/owa/prefetch.aspx
Source: https://weblinkdsafedoc.shop/?0qo4nd0fw=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9ZGM1MDViNzItY2I4MC1kYzdjLWQwZjEtYTI0MTAxMmEzMGI4JnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODU1NzE4NTM5OTU4NjQzNi44YmE3YzAxZS1jNGNlLTRkM2QtYjVkYS01ZTI4ZDU5M2NlN2Qmc3RhdGU9RGN0QkZvQWdDQUJSck5keFNBMFJQSTRLNjVaZFB4Wl9kcE1BNEF4SFNDVUMwa21acFNyVEdLeTlVYjkxVGRtbE91NjJIWnVSNFdLYnlQNm84YUR0WWluZUs3X2Z6RDg=&sso_reload=true HTTP Parser: Iframe src: https://outlook.office365.com/owa/prefetch.aspx
HTML body contains low number of good links
Source: https://weblinkdsafedoc.shop/?0qo4nd0fw=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9ZGM1MDViNzItY2I4MC1kYzdjLWQwZjEtYTI0MTAxMmEzMGI4JnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODU1NzE4NTM5OTU4NjQzNi44YmE3YzAxZS1jNGNlLTRkM2QtYjVkYS01ZTI4ZDU5M2NlN2Qmc3RhdGU9RGN0QkZvQWdDQUJSck5keFNBMFJQSTRLNjVaZFB4Wl9kcE1BNEF4SFNDVUMwa21acFNyVEdLeTlVYjkxVGRtbE91NjJIWnVSNFdLYnlQNm84YUR0WWluZUs3X2Z6RDg=&sso_reload=true HTTP Parser: Number of links: 0
HTML body contains password input but no form action
Source: https://login.live.com/ HTTP Parser: <input type="password" .../> found but no <form action="...
HTML page contains hidden URLs or javascript code
Source: https://weblinkdsafedoc.shop/?0qo4nd0fw=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9ZGM1MDViNzItY2I4MC1kYzdjLWQwZjEtYTI0MTAxMmEzMGI4JnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODU1NzE4NTM5OTU4NjQzNi44YmE3YzAxZS1jNGNlLTRkM2QtYjVkYS01ZTI4ZDU5M2NlN2Qmc3RhdGU9RGN0QkZvQWdDQUJSck5keFNBMFJQSTRLNjVaZFB4Wl9kcE1BNEF4SFNDVUMwa21acFNyVEdLeTlVYjkxVGRtbE91NjJIWnVSNFdLYnlQNm84YUR0WWluZUs3X2Z6RDg= HTTP Parser: Base64 decoded: function c(){if(!document.querySelector(".b") || !document.querySelector(".g")){document.head.appendChild(Object.assign(document.createElement("div"),{classList:["b"]}));document.documentElement.style.filter="hue-rotate(4deg)";document.head.appendChild(Ob...
HTML page contains obfuscate script src
Source: https://weblinkdsafedoc.shop/?0qo4nd0fw=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJT HTTP Parser: Script src: data:text/javascript;base64,ZnVuY3Rpb24gYygpe2lmKCFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuYiIpIHx8ICFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuZyIpKXtkb2N1bWVudC5oZWFkLmFwcGVuZENoaWxkKE9iamVjdC5hc3NpZ24oZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgiZGl2Iikse2NsYXNzTGlzdDpbImIiXX
Source: https://weblinkdsafedoc.shop/?0qo4nd0fw=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJT HTTP Parser: Script src: data:text/javascript;base64,ZnVuY3Rpb24gYygpe2lmKCFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuYiIpIHx8ICFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuZyIpKXtkb2N1bWVudC5oZWFkLmFwcGVuZENoaWxkKE9iamVjdC5hc3NpZ24oZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgiZGl2Iikse2NsYXNzTGlzdDpbImIiXX
Source: https://weblinkdsafedoc.shop/?0qo4nd0fw=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJT HTTP Parser: Script src: data:text/javascript;base64,ZnVuY3Rpb24gYygpe2lmKCFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuYiIpIHx8ICFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuZyIpKXtkb2N1bWVudC5oZWFkLmFwcGVuZENoaWxkKE9iamVjdC5hc3NpZ24oZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgiZGl2Iikse2NsYXNzTGlzdDpbImIiXX
HTML title does not match URL
Source: https://login.live.com/ HTTP Parser: Title: Sign in to your Microsoft account does not match URL
Source: https://login.live.com/ppsecure/post.srf?contextid=1E579E1EE726820C&opid=F1E06B1EF8FBD65B&bk=1720121756&uaid=f5f8078471a049a1939759bc949d5cb3&pid=0 HTTP Parser: Title: Sign in to your Microsoft account does not match URL
Source: https://weblinkdsafedoc.shop/?0qo4nd0fw=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9ZGM1MDViNzItY2I4MC1kYzdjLWQwZjEtYTI0MTAxMmEzMGI4JnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODU1NzE4NTM5OTU4NjQzNi44YmE3YzAxZS1jNGNlLTRkM2QtYjVkYS01ZTI4ZDU5M2NlN2Qmc3RhdGU9RGN0QkZvQWdDQUJSck5keFNBMFJQSTRLNjVaZFB4Wl9kcE1BNEF4SFNDVUMwa21acFNyVEdLeTlVYjkxVGRtbE91NjJIWnVSNFdLYnlQNm84YUR0WWluZUs3X2Z6RDg=&sso_reload=true HTTP Parser: <input type="password" .../> found
Source: https://login.live.com/ HTTP Parser: <input type="password" .../> found
Source: file:///C:/Users/user/Downloads/Kinetic%20Construction%20Quotation%20Request.pdf HTTP Parser: No favicon
Source: file:///C:/Users/user/Downloads/Kinetic%20Construction%20Quotation%20Request.pdf HTTP Parser: No favicon
Source: https://weblinkdsafedoc.shop/?0qo4nd0fw=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9ZGM1MDViNzItY2I4MC1kYzdjLWQwZjEtYTI0MTAxMmEzMGI4JnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODU1NzE4NTM5OTU4NjQzNi44YmE3YzAxZS1jNGNlLTRkM2QtYjVkYS01ZTI4ZDU5M2NlN2Qmc3RhdGU9RGN0QkZvQWdDQUJSck5keFNBMFJQSTRLNjVaZFB4Wl9kcE1BNEF4SFNDVUMwa21acFNyVEdLeTlVYjkxVGRtbE91NjJIWnVSNFdLYnlQNm84YUR0WWluZUs3X2Z6RDg= HTTP Parser: No favicon
Source: https://weblinkdsafedoc.shop/?0qo4nd0fw=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9ZGM1MDViNzItY2I4MC1kYzdjLWQwZjEtYTI0MTAxMmEzMGI4JnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODU1NzE4NTM5OTU4NjQzNi44YmE3YzAxZS1jNGNlLTRkM2QtYjVkYS01ZTI4ZDU5M2NlN2Qmc3RhdGU9RGN0QkZvQWdDQUJSck5keFNBMFJQSTRLNjVaZFB4Wl9kcE1BNEF4SFNDVUMwa21acFNyVEdLeTlVYjkxVGRtbE91NjJIWnVSNFdLYnlQNm84YUR0WWluZUs3X2Z6RDg=&sso_reload=true HTTP Parser: No favicon
Source: https://weblinkdsafedoc.shop/?0qo4nd0fw=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9ZGM1MDViNzItY2I4MC1kYzdjLWQwZjEtYTI0MTAxMmEzMGI4JnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODU1NzE4NTM5OTU4NjQzNi44YmE3YzAxZS1jNGNlLTRkM2QtYjVkYS01ZTI4ZDU5M2NlN2Qmc3RhdGU9RGN0QkZvQWdDQUJSck5keFNBMFJQSTRLNjVaZFB4Wl9kcE1BNEF4SFNDVUMwa21acFNyVEdLeTlVYjkxVGRtbE91NjJIWnVSNFdLYnlQNm84YUR0WWluZUs3X2Z6RDg=&sso_reload=true HTTP Parser: No favicon
Source: https://weblinkdsafedoc.shop/?0qo4nd0fw=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9ZGM1MDViNzItY2I4MC1kYzdjLWQwZjEtYTI0MTAxMmEzMGI4JnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODU1NzE4NTM5OTU4NjQzNi44YmE3YzAxZS1jNGNlLTRkM2QtYjVkYS01ZTI4ZDU5M2NlN2Qmc3RhdGU9RGN0QkZvQWdDQUJSck5keFNBMFJQSTRLNjVaZFB4Wl9kcE1BNEF4SFNDVUMwa21acFNyVEdLeTlVYjkxVGRtbE91NjJIWnVSNFdLYnlQNm84YUR0WWluZUs3X2Z6RDg=&sso_reload=true HTTP Parser: No <meta name="author".. found
Source: https://weblinkdsafedoc.shop/?0qo4nd0fw=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9ZGM1MDViNzItY2I4MC1kYzdjLWQwZjEtYTI0MTAxMmEzMGI4JnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODU1NzE4NTM5OTU4NjQzNi44YmE3YzAxZS1jNGNlLTRkM2QtYjVkYS01ZTI4ZDU5M2NlN2Qmc3RhdGU9RGN0QkZvQWdDQUJSck5keFNBMFJQSTRLNjVaZFB4Wl9kcE1BNEF4SFNDVUMwa21acFNyVEdLeTlVYjkxVGRtbE91NjJIWnVSNFdLYnlQNm84YUR0WWluZUs3X2Z6RDg=&sso_reload=true HTTP Parser: No <meta name="author".. found
Source: https://login.live.com/ HTTP Parser: No <meta name="author".. found
Source: https://login.live.com/ HTTP Parser: No <meta name="author".. found
Source: https://login.live.com/ HTTP Parser: No <meta name="author".. found
Source: https://login.live.com/ppsecure/post.srf?contextid=1E579E1EE726820C&opid=F1E06B1EF8FBD65B&bk=1720121756&uaid=f5f8078471a049a1939759bc949d5cb3&pid=0 HTTP Parser: No <meta name="author".. found
Source: https://weblinkdsafedoc.shop/?0qo4nd0fw=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9ZGM1MDViNzItY2I4MC1kYzdjLWQwZjEtYTI0MTAxMmEzMGI4JnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODU1NzE4NTM5OTU4NjQzNi44YmE3YzAxZS1jNGNlLTRkM2QtYjVkYS01ZTI4ZDU5M2NlN2Qmc3RhdGU9RGN0QkZvQWdDQUJSck5keFNBMFJQSTRLNjVaZFB4Wl9kcE1BNEF4SFNDVUMwa21acFNyVEdLeTlVYjkxVGRtbE91NjJIWnVSNFdLYnlQNm84YUR0WWluZUs3X2Z6RDg=&sso_reload=true HTTP Parser: No <meta name="copyright".. found
Source: https://weblinkdsafedoc.shop/?0qo4nd0fw=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9ZGM1MDViNzItY2I4MC1kYzdjLWQwZjEtYTI0MTAxMmEzMGI4JnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODU1NzE4NTM5OTU4NjQzNi44YmE3YzAxZS1jNGNlLTRkM2QtYjVkYS01ZTI4ZDU5M2NlN2Qmc3RhdGU9RGN0QkZvQWdDQUJSck5keFNBMFJQSTRLNjVaZFB4Wl9kcE1BNEF4SFNDVUMwa21acFNyVEdLeTlVYjkxVGRtbE91NjJIWnVSNFdLYnlQNm84YUR0WWluZUs3X2Z6RDg=&sso_reload=true HTTP Parser: No <meta name="copyright".. found
Source: https://login.live.com/ HTTP Parser: No <meta name="copyright".. found
Source: https://login.live.com/ HTTP Parser: No <meta name="copyright".. found
Source: https://login.live.com/ HTTP Parser: No <meta name="copyright".. found
Source: https://login.live.com/ppsecure/post.srf?contextid=1E579E1EE726820C&opid=F1E06B1EF8FBD65B&bk=1720121756&uaid=f5f8078471a049a1939759bc949d5cb3&pid=0 HTTP Parser: No <meta name="copyright".. found
Source: unknown HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.16:49719 version: TLS 1.2
Source: unknown HTTPS traffic detected: 2.18.97.153:443 -> 192.168.2.16:49723 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49724 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.16:49870 version: TLS 1.2
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: global traffic DNS traffic detected: DNS query: 1drv.ms
Source: global traffic DNS traffic detected: DNS query: onedrive.live.com
Source: global traffic DNS traffic detected: DNS query: spo.nel.measure.office.net
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: global traffic DNS traffic detected: DNS query: p.sfx.ms
Source: global traffic DNS traffic detected: DNS query: api-badgerp.svc.ms
Source: global traffic DNS traffic detected: DNS query: api.onedrive.com
Source: global traffic DNS traffic detected: DNS query: my.microsoftpersonalcontent.com
Source: global traffic DNS traffic detected: DNS query: eastus1-mediap.svc.ms
Source: global traffic DNS traffic detected: DNS query: storage.live.com
Source: global traffic DNS traffic detected: DNS query: m365cdn.nel.measure.office.net
Source: global traffic DNS traffic detected: DNS query: weblinkdsafedoc.shop
Source: global traffic DNS traffic detected: DNS query: aadcdn.msftauth.net
Source: global traffic DNS traffic detected: DNS query: outlook.office365.com
Source: global traffic DNS traffic detected: DNS query: r4.res.office365.com
Source: global traffic DNS traffic detected: DNS query: logincdn.msftauth.net
Source: global traffic DNS traffic detected: DNS query: acctcdn.msftauth.net
Source: unknown Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49985
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49984
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49983
Source: unknown Network traffic detected: HTTP traffic on port 49970 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49982
Source: unknown Network traffic detected: HTTP traffic on port 49926 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49981
Source: unknown Network traffic detected: HTTP traffic on port 49949 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49980
Source: unknown Network traffic detected: HTTP traffic on port 50007 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49898 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49961 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49984 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49958 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49990 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49979
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49977
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49976
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49975
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49974
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49973
Source: unknown Network traffic detected: HTTP traffic on port 49996 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49820 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49971
Source: unknown Network traffic detected: HTTP traffic on port 50010 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49970
Source: unknown Network traffic detected: HTTP traffic on port 49975 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49967 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50004 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49981 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49968
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49967
Source: unknown Network traffic detected: HTTP traffic on port 49999 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49901 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49966
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49844
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49965
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49843
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49963
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49962
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49961
Source: unknown Network traffic detected: HTTP traffic on port 49819 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49844 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49960
Source: unknown Network traffic detected: HTTP traffic on port 50009 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49947 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49966 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49989 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50001 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50028 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49831 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49963 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown Network traffic detected: HTTP traffic on port 49992 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49838
Source: unknown Network traffic detected: HTTP traffic on port 49904 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49959
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49958
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49957
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50007
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49831
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49952
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49951
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50009
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50008
Source: unknown Network traffic detected: HTTP traffic on port 49952 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49994 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown Network traffic detected: HTTP traffic on port 50020 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49870 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50001
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50000
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50003
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50002
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50005
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50004
Source: unknown Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49983 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49949
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49947
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49824
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49822
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49942
Source: unknown Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49820
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50017
Source: unknown Network traffic detected: HTTP traffic on port 49951 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49974 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50017 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50010
Source: unknown Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49968 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50011
Source: unknown Network traffic detected: HTTP traffic on port 49894 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50026 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50003 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49965 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49819
Source: unknown Network traffic detected: HTTP traffic on port 49980 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49942 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49816
Source: unknown Network traffic detected: HTTP traffic on port 49977 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49812
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49898
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50028
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49896
Source: unknown Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49894
Source: unknown Network traffic detected: HTTP traffic on port 50008 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49971 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50020
Source: unknown Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50027
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50026
Source: unknown Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49985 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49960 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50000 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49957 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49991 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49926
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown Network traffic detected: HTTP traffic on port 49838 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49995 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49976 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50011 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49896 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49982 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49824 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50005 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49809 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49979 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49999
Source: unknown Network traffic detected: HTTP traffic on port 49973 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49996
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49995
Source: unknown Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49994
Source: unknown Network traffic detected: HTTP traffic on port 49843 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49992
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49870
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49991
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49990
Source: unknown Network traffic detected: HTTP traffic on port 49959 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50002 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49987 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49832 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50027 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49962 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49904
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49901
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49989
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49987
Source: unknown HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.16:49719 version: TLS 1.2
Source: unknown HTTPS traffic detected: 2.18.97.153:443 -> 192.168.2.16:49723 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49724 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.16:49870 version: TLS 1.2
Source: classification engine Classification label: mal72.phis.win@26/174@58/273
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://1drv.ms/b/c/76a2f2769a0f2d92/EVBBlcPr69hPlwB4teIJkR8BhOEwtE3haDg1sSdukRfZrw?e=geYoLr
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=1880,i,9697994111193054892,18233368693127415544,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=1880,i,9697994111193054892,18233368693127415544,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: Window Recorder Window detected: More than 3 window changes detected
Drops files with a non-matching file extension (content does not match file extension)
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: Chrome Cache Entry: 408 Jump to dropped file
Stores files to the Windows start menu directory
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
windows-stand
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
52.168.117.174
 unknown United States
8075 MICROSOFT-CORP-MSN-AS-BLOCKUS false
13.107.138.10
 unknown United States
8068 MICROSOFT-CORP-MSN-AS-BLOCKUS false
13.107.136.10
 dual-spo-0005.spo-msedge.net United States
8068 MICROSOFT-CORP-MSN-AS-BLOCKUS false
20.189.173.7
 unknown United States
8075 MICROSOFT-CORP-MSN-AS-BLOCKUS false
13.107.246.45
 s-part-0017.t-0009.t-msedge.net United States
8068 MICROSOFT-CORP-MSN-AS-BLOCKUS false
5.230.41.194
 weblinkdsafedoc.shop Germany
12586 ASGHOSTNETDE true
20.189.173.3
 unknown United States
8075 MICROSOFT-CORP-MSN-AS-BLOCKUS false
40.126.31.71
 unknown United States
8075 MICROSOFT-CORP-MSN-AS-BLOCKUS false
13.107.246.60
 s-part-0032.t-0009.t-msedge.net United States
8068 MICROSOFT-CORP-MSN-AS-BLOCKUS false
142.250.185.106
 unknown United States
15169 GOOGLEUS false
2.23.209.37
 unknown European Union
1273 CWVodafoneGroupPLCEU false
172.217.23.99
 unknown United States
15169 GOOGLEUS false
51.105.104.217
 unknown United Kingdom
8075 MICROSOFT-CORP-MSN-AS-BLOCKUS false
142.250.186.131
 unknown United States
15169 GOOGLEUS false
2.19.97.32
 unknown European Union
20940 AKAMAI-ASN1EU false
13.104.208.164
 unknown United States
8075 MICROSOFT-CORP-MSN-AS-BLOCKUS false
40.126.31.69
 unknown United States
8075 MICROSOFT-CORP-MSN-AS-BLOCKUS false
52.98.241.178
 HHN-efz.ms-acdc.office.com United States
8075 MICROSOFT-CORP-MSN-AS-BLOCKUS false
142.250.184.228
 unknown United States
15169 GOOGLEUS false
216.58.212.174
 unknown United States
15169 GOOGLEUS false
216.58.212.170
 unknown United States
15169 GOOGLEUS false
52.113.194.132
 unknown United States
8068 MICROSOFT-CORP-MSN-AS-BLOCKUS false
13.107.139.11
 unknown United States
8068 MICROSOFT-CORP-MSN-AS-BLOCKUS false
20.101.246.164
 unknown United States
8075 MICROSOFT-CORP-MSN-AS-BLOCKUS false
1.1.1.1
 unknown Australia
13335 CLOUDFLARENETUS false
13.107.137.11
 dual-spov-0006.spov-msedge.net United States
8068 MICROSOFT-CORP-MSN-AS-BLOCKUS false
74.125.133.84
 unknown United States
15169 GOOGLEUS false
20.42.65.93
 unknown United States
8075 MICROSOFT-CORP-MSN-AS-BLOCKUS false
142.250.185.132
 www.google.com United States
15169 GOOGLEUS false
2.16.241.15
 unknown European Union
20940 AKAMAI-ASN1EU false
20.190.159.75
 unknown United States
8075 MICROSOFT-CORP-MSN-AS-BLOCKUS false
216.58.206.46
 unknown United States
15169 GOOGLEUS false
13.107.42.12
 1drv.ms United States
8068 MICROSOFT-CORP-MSN-AS-BLOCKUS false
2.19.198.80
 unknown European Union
16625 AKAMAI-ASUS false
239.255.255.250
 unknown Reserved
unknown unknown false
152.199.21.175
 sni1gl.wpc.alphacdn.net United States
15133 EDGECASTUS false
2.19.11.6
 unknown European Union
719 ELISA-ASHelsinkiFinlandEU false

Private

IP
192.168.2.16

Contacted Domains

Name IP Active
dual-spov-0006.spov-msedge.net 13.107.137.11 true
dual-spo-0005.spo-msedge.net 13.107.136.10 true
sni1gl.wpc.alphacdn.net 152.199.21.175 true
s-part-0017.t-0009.t-msedge.net 13.107.246.45 true
sni1gl.wpc.omegacdn.net 152.199.21.175 true
www.google.com 142.250.185.132 true
HHN-efz.ms-acdc.office.com 52.98.241.178 true
weblinkdsafedoc.shop 5.230.41.194 true
s-part-0032.t-0009.t-msedge.net 13.107.246.60 true
1drv.ms 13.107.42.12 true
my.microsoftpersonalcontent.com unknown unknown
api-badgerp.svc.ms unknown unknown
r4.res.office365.com unknown unknown
aadcdn.msftauth.net unknown unknown
logincdn.msftauth.net unknown unknown
storage.live.com unknown unknown
m365cdn.nel.measure.office.net unknown unknown
spo.nel.measure.office.net unknown unknown
outlook.office365.com unknown unknown
onedrive.live.com unknown unknown
api.onedrive.com unknown unknown
p.sfx.ms unknown unknown
eastus1-mediap.svc.ms unknown unknown
acctcdn.msftauth.net unknown unknown

Contacted URLs

Name Malicious Antivirus Detection Reputation
https://onedrive.live.com/?id=76A2F2769A0F2D92!sc3954150ebeb4fd8970078b5e209911f&resid=76A2F2769A0F2D92!sc3954150ebeb4fd8970078b5e209911f&cid=76a2f2769a0f2d92&ithint=file%2cpdf&redeem=aHR0cHM6Ly8xZHJ2Lm1zL2IvYy83NmEyZjI3NjlhMGYyZDkyL0VWQkJsY1ByNjloUGx3QjR0ZUlKa1I4QmhPRXd0RTNoYURnMXNTZHVrUmZacnc_ZT1nZVlvTHI&migratedtospo=true false
    		unknown
    https://onedrive.live.com/?id=76A2F2769A0F2D92%21sc3954150ebeb4fd8970078b5e209911f&cid=76a2f2769a0f2d92&ithint=file%2Cpdf&redeem=aHR0cHM6Ly8xZHJ2Lm1zL2IvYy83NmEyZjI3NjlhMGYyZDkyL0VWQkJsY1ByNjloUGx3QjR0ZUlKa1I4QmhPRXd0RTNoYURnMXNTZHVrUmZacnc%5FZT1nZVlvTHI false
      		unknown
      https://onedrive.live.com/?redeem=aHR0cHM6Ly8xZHJ2Lm1zL2IvYy83NmEyZjI3NjlhMGYyZDkyL0VWQkJsY1ByNjloUGx3QjR0ZUlKa1I4QmhPRXd0RTNoYURnMXNTZHVrUmZacnc%5FZT1nZVlvTHI&cid=76A2F2769A0F2D92&id=76A2F2769A0F2D92%21sc3954150ebeb4fd8970078b5e209911f&parId=root&o=OneUp false
        		unknown
        file:///C:/Users/user/Downloads/Kinetic%20Construction%20Quotation%20Request.pdf false
        • Avira URL Cloud: safe
        		 unknown
        about:blank false
        • Avira URL Cloud: safe
        		 unknown
        https://outlook.office365.com/owa/prefetch.aspx false
          		unknown
          https://onedrive.live.com/?id=76A2F2769A0F2D92%21sc3954150ebeb4fd8970078b5e209911f&resid=76A2F2769A0F2D92%21sc3954150ebeb4fd8970078b5e209911f&cid=76a2f2769a0f2d92&ithint=file%2Cpdf&redeem=aHR0cHM6Ly8xZHJ2Lm1zL2IvYy83NmEyZjI3NjlhMGYyZDkyL0VWQkJsY1ByNjloUGx3QjR0ZUlKa1I4QmhPRXd0RTNoYURnMXNTZHVrUmZacnc%5FZT1nZVlvTHI&migratedtospo=true&v=validatepermission false
            		unknown