Forum Discussion

ENVRobin's avatar
ENVRobin
Copper Contributor
May 22, 2024

Connection to adversary-in-the-middle (AiTM) phishing site - sropq.com

Hello all,

I have a strange Defender alert.

 

User is opening SharePoint/OneDrive on a terminal server (RDP connection) with Mozilla Firefox and the event below appears.

Mozilla Firefox is stock and other users do not create this kind of alert.

There is no visible Add-on installed, which could cause this issue.

 

I cannot find any information about sropq.com

 

Connection to adversary-in-the-middle (AiTM) phishing site

sropq.com

188.114.96.4

firefox.exe (PID: 31868)

firefox.exe (PID: 7788)

188.114.97.4



 

 

3 Replies

Resources