# d0c2283546yus7ngwd0c87v-1drvsharepoint.pavonselawgroup.com — MALICIOUS

> Stay protected from phishing attempts on d0c2283546yus7ngwd0c87v-1drvsharepoint.pavonselawgroup.com. Avoid interaction and report suspicious activity.

## Summary

PhishDestroy identifies the domain d0c2283546yus7ngwd0c87v-1drvsharepoint.pavonselawgroup.com as a high-risk generic phishing threat. The domain was first registered on March 12, 2026, and masquerades under a complex subdomain structure that attempts to mimic legitimate Microsoft OneDrive and SharePoint services. The landing page titled "One more step" typically aims to deceive users into divulging sensitive information through social engineering tactics.

Technical analysis reveals that the domain was registered via Wild West Domains, LLC, a common registrar in phishing infrastructure due to its affordability and ease of use. VirusTotal flagged this domain by 15 out of 95 security vendors, and it appears on one known security blocklist, further corroborating its malicious nature. The domain’s elaborate subdomain name is crafted to exploit user trust by resembling authentic corporate cloud storage URLs, a tactic frequently employed in credential harvesting campaigns.

Currently, the domain is offline, reflecting active takedown efforts or voluntary suspension. Despite this, the phishing threat remains significant due to the domain’s recent creation and high detection rate. Users are strongly advised to avoid engaging with any URLs containing this domain and to report any suspicious emails or messages referencing it. Continuous monitoring and user awareness are essential to mitigate risks associated with similar phishing infrastructures.

## Threat Details

- Verdict: MALICIOUS
- Site status: dead (HTTP 0)
- Page title: One more step

## Domain Intelligence

- Registered: 2026-03-12 13:07:01
- Registrar: Wild West Domains, LLC
- Country: US
- Nameservers: ["ns1.bdm.microsoftonline.com", "ns2.bdm.microsoftonline.com"]
- SSL Issuer: E8

## Detection Status

- VirusTotal: 15 vendors flagged
  - Vendors: ["ADMINUSLabs", "alphaMountain.ai", "BitDefender", "CRDF", "CyRadar", "ESET", "Forcepoint ThreatSeeker", "Fortinet", "G-Data", "Gridinsoft", "Kaspersky", "LevelBlue", "OpenPhish", "SOCRadar", "Sophos"]
- Google Safe Browsing: clean
- Blocklists: 1 hit
  - Lists: ["PhishDestroy"]

## Evidence

- Screenshot: https://urlscan.io/screenshots/019ce592-3043-707e-9a50-8bcda06f6129.png
- PhishDestroy: https://phishdestroy.io/domain/d0c2283546yus7ngwd0c87v-1drvsharepoint.pavonselawgroup.com/
- LLM endpoint: https://phishdestroy.io/domain/d0c2283546yus7ngwd0c87v-1drvsharepoint.pavonselawgroup.com/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/d0c2283546yus7ngwd0c87v-1drvsharepoint.pavonselawgroup.com/

Last updated: 2026-03-19