# cae3a120d99f49be8cad1d70ea72bec5mn-my-sharepoint.hlmillersinc.com — MALICIOUS

> Discover why the domain cae3a120d99f49be8cad1d70ea72bec5mn-my-sharepoint.hlmillersinc.com is flagged for phishing and how to protect yourself.

## Summary
PhishDestroy identifies the domain cae3a120d99f49be8cad1d70ea72bec5mn-my-sharepoint.hlmillersinc.com as a high-risk phishing site. This dangerous domain was designed to trick users into revealing sensitive information by masquerading as a legitimate SharePoint service. Despite being taken offline, its presence on multiple blocklists signals the severity of the threat it posed.

This phishing attack typically involved users receiving deceptive links that appeared to lead to a trusted SharePoint platform. Once clicked, victims were prompted to enter personal credentials or confidential data, which attackers could then exploit for identity theft or unauthorized access. The domain's recent registration and detection by numerous security vendors underscore its malicious intent.

If you have visited this site, it is crucial to immediately change any passwords you may have entered and monitor your accounts for suspicious activity. Running a full antivirus scan and enabling multi-factor authentication on your accounts can provide additional protection. Staying vigilant and checking domains against trusted sources like PhishDestroy can help prevent future exposure to similar scams.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 0)
- Target brand: Microsoft
- Page title: Microsoft Office/Things to Know When Saving - Wikibooks, open books for an open world

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: Wild West Domains, LLC
- Country: US
- IP: 185.15.59.224
- IP Country: NL
- IP City: Amsterdam
- IP Org: AS14907 Wikimedia Foundation Inc.
- Nameservers: ["ns1.bdm.microsoftonline.com", "ns2.bdm.microsoftonline.com"]
- SSL Issuer: none

## Detection Status
- VirusTotal: 13 vendors flagged
  Vendors: ["ADMINUSLabs", "BitDefender", "CyRadar", "ESET", "Forcepoint ThreatSeeker", "Fortinet", "G-Data", "Kaspersky", "Lionic", "Phishing Database", "SOCRadar", "Sophos", "VIPRE"]
- Google Safe Browsing: clean
- Blocklists: 2 hits
  Lists: ["PhishDestroy", "PhishingDB"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019a92bd-d66b-75ef-87d6-31b2ba939124.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/e562305f-729a-48b6-a97e-3749bfc2ce46
- PhishDestroy: https://phishdestroy.io/domain/cae3a120d99f49be8cad1d70ea72bec5mn-my-sharepoint.hlmillersinc.com/
- LLM endpoint: https://phishdestroy.io/domain/cae3a120d99f49be8cad1d70ea72bec5mn-my-sharepoint.hlmillersinc.com/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/cae3a120d99f49be8cad1d70ea72bec5mn-my-sharepoint.hlmillersinc.com/
Last updated: 2026-03-19