Click to jump to signature section
Source: https://authitca-adobue-sign.us-ord-1.linodeobjects.com | LLM: Score: 9 brands: Microsoft Reasons: The URL 'https://authitca-adobue-sign.us-ord-1.linodeobjects.com' is highly suspicious. It uses a domain 'linodeobjects.com' which is not associated with Microsoft. The subdomain 'authitca-adobue-sign' is designed to look like a legitimate service but is misleading. The image shows the Microsoft logo, indicating an attempt to impersonate Microsoft. There is no prominent login form or captcha visible in the image, but the use of social engineering techniques is evident in the URL structure and branding. The legitimate domain for Microsoft services is 'microsoft.com'. DOM: 1.2.pages.csv |
Source: https://authitca-adobue-sign.us-ord-1.linodeobjects.com | LLM: Score: 9 brands: Microsoft Reasons: The URL 'https://authitca-adobue-sign.us-ord-1.linodeobjects.com' is highly suspicious. It does not match the legitimate domain for Microsoft, which is 'microsoft.com'. The domain uses a combination of unrelated terms and a hosting service (linodeobjects.com) that is not associated with Microsoft. The page contains a prominent login form asking for sensitive information, which is a common tactic in phishing attacks. Additionally, the URL structure and the use of social engineering techniques to mimic a legitimate Microsoft login page further indicate that this is a phishing site. DOM: 1.3.pages.csv |
Source: Yara match | File source: 1.2.pages.csv, type: HTML |
Source: Yara match | File source: 1.3.pages.csv, type: HTML |
Source: https://authitca-adobue-sign.us-ord-1.linodeobjects.com/apts.html | Matcher: Found strong image similarity, brand: MICROSOFT |
Source: https://authitca-adobue-sign.us-ord-1.linodeobjects.com/apts.html | HTTP Parser: Number of links: 0 |
Source: https://authitca-adobue-sign.us-ord-1.linodeobjects.com/apts.html | HTTP Parser: <input type="password" .../> found but no <form action="... |
Source: https://authitca-adobue-sign.us-ord-1.linodeobjects.com/apts.html | HTTP Parser: Total embedded image size: 18628 |
Source: https://authitca-adobue-sign.us-ord-1.linodeobjects.com/apts.html | HTTP Parser: Invalid link: After the death of Rachmaninoff, the villa stayed in possession of the family. His grand child Alexandre Rachmaninoff Conus established the Rachmaninoff foundation. After the death of Rachmaninoff Conus, his will mentioned Lucerne as a possible inheritor, but it was not worded properly enough. In order to prevent a possible legal case between Lucerne and his descendants the bought the estate in 2022 and on the 1 April 2023, the 150th birthday of Rachmaninoff, the Villa was made accessible to the public. |
Source: https://authitca-adobue-sign.us-ord-1.linodeobjects.com/apts.html | HTTP Parser: Invalid link: After the death of Rachmaninoff, the villa stayed in possession of the family. His grand child Alexandre Rachmaninoff Conus established the Rachmaninoff foundation. After the death of Rachmaninoff Conus, his will mentioned Lucerne as a possible inheritor, but it was not worded properly enough. In order to prevent a possible legal case between Lucerne and his descendants the bought the estate in 2022 and on the 1 April 2023, the 150th birthday of Rachmaninoff, the Villa was made accessible to the public. |
Source: https://authitca-adobue-sign.us-ord-1.linodeobjects.com/apts.html | HTTP Parser: <input type="password" .../> found |
Source: https://www.google.com/url?q=https://authitca-adobue-sign.us-ord-1.linodeobjects.com/apts.html&sa=D&source=editors&ust=1720118061448441&usg=AOvVaw1WUHTIwDQHQCe4Um2Fp0tG | HTTP Parser: No favicon |
Source: https://authitca-adobue-sign.us-ord-1.linodeobjects.com/apts.html | HTTP Parser: No favicon |
Source: https://authitca-adobue-sign.us-ord-1.linodeobjects.com/apts.html | HTTP Parser: No <meta name="author".. found |
Source: https://authitca-adobue-sign.us-ord-1.linodeobjects.com/apts.html | HTTP Parser: No <meta name="author".. found |
Source: https://authitca-adobue-sign.us-ord-1.linodeobjects.com/apts.html | HTTP Parser: No <meta name="copyright".. found |
Source: https://authitca-adobue-sign.us-ord-1.linodeobjects.com/apts.html | HTTP Parser: No <meta name="copyright".. found |
Source: unknown | HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.16:49720 version: TLS 1.2 |
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: unknown | TCP traffic detected without corresponding DNS query: 20.189.173.10 |
Source: unknown | TCP traffic detected without corresponding DNS query: 192.229.211.108 |
Source: unknown | TCP traffic detected without corresponding DNS query: 20.189.173.10 |
Source: unknown | TCP traffic detected without corresponding DNS query: 192.229.211.108 |
Source: unknown | TCP traffic detected without corresponding DNS query: 192.229.211.108 |
Source: unknown | TCP traffic detected without corresponding DNS query: 192.229.211.108 |
Source: unknown | TCP traffic detected without corresponding DNS query: 192.229.211.108 |
Source: unknown | TCP traffic detected without corresponding DNS query: 20.189.173.10 |
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203 |
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: unknown | TCP traffic detected without corresponding DNS query: 52.165.165.26 |
Source: unknown | TCP traffic detected without corresponding DNS query: 52.165.165.26 |
Source: unknown | TCP traffic detected without corresponding DNS query: 52.165.165.26 |
Source: unknown | TCP traffic detected without corresponding DNS query: 192.229.211.108 |
Source: unknown | TCP traffic detected without corresponding DNS query: 52.165.165.26 |
Source: unknown | TCP traffic detected without corresponding DNS query: 52.165.165.26 |
Source: unknown | TCP traffic detected without corresponding DNS query: 52.165.165.26 |
Source: unknown | TCP traffic detected without corresponding DNS query: 52.165.165.26 |
Source: unknown | TCP traffic detected without corresponding DNS query: 52.165.165.26 |
Source: unknown | TCP traffic detected without corresponding DNS query: 52.165.165.26 |
Source: unknown | TCP traffic detected without corresponding DNS query: 52.165.165.26 |
Source: unknown | TCP traffic detected without corresponding DNS query: 52.165.165.26 |
Source: unknown | TCP traffic detected without corresponding DNS query: 52.165.165.26 |
Source: unknown | TCP traffic detected without corresponding DNS query: 52.165.165.26 |
Source: unknown | TCP traffic detected without corresponding DNS query: 52.165.165.26 |
Source: unknown | TCP traffic detected without corresponding DNS query: 20.189.173.10 |
Source: unknown | TCP traffic detected without corresponding DNS query: 192.229.211.108 |
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: global traffic | DNS traffic detected: DNS query: www.google.com |
Source: global traffic | DNS traffic detected: DNS query: authitca-adobue-sign.us-ord-1.linodeobjects.com |
Source: global traffic | DNS traffic detected: DNS query: ba3393a6.parecorps.com |
Source: global traffic | DNS traffic detected: DNS query: openfpcdn.io |
Source: global traffic | DNS traffic detected: DNS query: cdnjs.cloudflare.com |
Source: global traffic | DNS traffic detected: DNS query: code.jquery.com |
Source: global traffic | DNS traffic detected: DNS query: a.nel.cloudflare.com |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49722 |
Source: unknown | Network traffic detected: HTTP traffic on port 49733 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 49710 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49721 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49720 |
Source: unknown | Network traffic detected: HTTP traffic on port 49731 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 49678 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 49727 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 49725 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 49729 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 49719 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 49720 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 49722 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49719 |
Source: unknown | Network traffic detected: HTTP traffic on port 49713 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 49715 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49716 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49738 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49715 |
Source: unknown | Network traffic detected: HTTP traffic on port 49736 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49736 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49713 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49734 |
Source: unknown | Network traffic detected: HTTP traffic on port 49738 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49733 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49710 |
Source: unknown | Network traffic detected: HTTP traffic on port 49734 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49731 |
Source: unknown | Network traffic detected: HTTP traffic on port 49673 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49730 |
Source: unknown | Network traffic detected: HTTP traffic on port 49730 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 49726 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 49724 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 49728 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 49721 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 49723 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49729 |
Source: unknown | Network traffic detected: HTTP traffic on port 49716 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49728 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49727 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49726 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49725 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49724 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49723 |
Source: unknown | HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.16:49720 version: TLS 1.2 |
Source: classification engine | Classification label: mal60.phis.win@14/20@18/62 |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps |
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.google.com/url?q=https://authitca-adobue-sign.us-ord-1.linodeobjects.com/apts.html&sa=D&source=editors&ust=1720118061448441&usg=AOvVaw1WUHTIwDQHQCe4Um2Fp0tG |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1944,i,4129686458143356249,5395737620641479105,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1944,i,4129686458143356249,5395737620641479105,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown |
Source: Window Recorder | Window detected: More than 3 window changes detected |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk |