login-live.com-s02.info Open in urlscan Pro
78.47.159.0 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://login-live.com-s02.info/pt/?code=04462db0c6818ea325d1c2529d4165fc
Submission: On June 30 via manual (June 30th 2020, 7:16:19 pm UTC) from US

Summary HTTP 14 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 2 domains to perform 14 HTTP transactions. The main IP is 78.47.159.0, located in Germany and belongs to HETZNER-AS, DE. The main domain is login-live.com-s02.info.
TLS certificate: Issued by Let's Encrypt Authority X3 on May 3rd 2020. Valid for: 3 months.

This is the only time login-live.com-s02.info was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

	IP Address	AS Autonomous System
13	78.47.159.0 78.47.159.0	24940 (HETZNER-AS) (HETZNER-AS)
1	116.203.22.29 116.203.22.29	24940 (HETZNER-AS) (HETZNER-AS)
14	2

13 78.47.159.0 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: web.sosafe.de

login-live.com-s02.info	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 116.203.22.29 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: api0.sosafe.de

api.sosafe.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
13	com-s02.info login-live.com-s02.info	1007 KB
1	sosafe.de api.sosafe.de	51 KB
14	2

	Domain	Requested by
13	login-live.com-s02.info	login-live.com-s02.info
1	api.sosafe.de	login-live.com-s02.info
14	2

This site contains no links.

Subject Issuer	Validity	Valid
login-live.com-s02.info Let's Encrypt Authority X3	`2020-05-03` - `2020-08-01`	3 months	crt.sh
api.sosafe.de Let's Encrypt Authority X3	`2020-05-10` - `2020-08-08`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://login-live.com-s02.info/pt/?code=04462db0c6818ea325d1c2529d4165fc
Frame ID: 0C5645BB23BFAE109102132D8F4FEEDA
Requests: 14 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]+?href="[^"]*bootstrap(?:\.min)?\.css/i
script /(?:\/([\d.]+))?(?:\/js)?\/bootstrap(?:\.min)?\.js/i

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

14
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

1058 kB
Transfer

1054 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

14 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
login-live.com-s02.info/pt/ 4 KB
4 KB 195ms
57ms Document
text/html 78.47.159.0
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://login-live.com-s02.info/pt/?code=04462db0c6818ea325d1c2529d4165fc
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 78.47.159.0 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: web.sosafe.de
Software: nginx /
Resource Hash: d87a180305021ddf6213539dd35065599a1afde007a4705b86b51c80c5332f35

Request headers

Host: login-live.com-s02.info
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Server: nginx
Date: Tue, 30 Jun 2020 19:16:00 GMT
Content-Type: text/html
Content-Length: 4270
Last-Modified: Mon, 29 Jun 2020 13:49:36 GMT
Connection: keep-alive
ETag: "5ef9f170-10ae"
Accept-Ranges: bytes

GET
H/1.1 200
OK bootstrap.min.css
login-live.com-s02.info/assets/bootstrap/css/ 138 KB
138 KB 67ms
65ms Stylesheet
text/css 78.47.159.0
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://login-live.com-s02.info/assets/bootstrap/css/bootstrap.min.css
Requested by: Host: login-live.com-s02.info
URL: https://login-live.com-s02.info/pt/?code=04462db0c6818ea325d1c2529d4165fc
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 78.47.159.0 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: web.sosafe.de
Software: nginx /
Resource Hash: 46b4721c80749cc5e1ec6cf4c5fec78a2c51fdfc4ee9c94f2223cdaf4fbd8ced

Request headers

Referer: https://login-live.com-s02.info/pt/?code=04462db0c6818ea325d1c2529d4165fc
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 30 Jun 2020 19:16:00 GMT
Last-Modified: Mon, 29 Jun 2020 13:49:36 GMT
Server: nginx
ETag: "5ef9f170-22646"
Content-Type: text/css
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 140870

GET
H/1.1 200
OK fontawesome-all.min.css
login-live.com-s02.info/assets/fonts/ 40 KB
40 KB 192ms
81ms Stylesheet
text/css 78.47.159.0
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://login-live.com-s02.info/assets/fonts/fontawesome-all.min.css
Requested by: Host: login-live.com-s02.info
URL: https://login-live.com-s02.info/pt/?code=04462db0c6818ea325d1c2529d4165fc
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 78.47.159.0 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: web.sosafe.de
Software: nginx /
Resource Hash: fd702d8d6882cc47c74308ec46b1476035492c3d887741b279bb830c49b9b2bf

Request headers

Referer: https://login-live.com-s02.info/pt/?code=04462db0c6818ea325d1c2529d4165fc
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 30 Jun 2020 19:16:00 GMT
Last-Modified: Mon, 29 Jun 2020 13:49:36 GMT
Server: nginx
ETag: "5ef9f170-a033"
Content-Type: text/css
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 41011

GET
H/1.1 200
OK material-icons.min.css
login-live.com-s02.info/assets/fonts/ 667 B
897 B 171ms
56ms Stylesheet
text/css 78.47.159.0
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://login-live.com-s02.info/assets/fonts/material-icons.min.css
Requested by: Host: login-live.com-s02.info
URL: https://login-live.com-s02.info/pt/?code=04462db0c6818ea325d1c2529d4165fc
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 78.47.159.0 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: web.sosafe.de
Software: nginx /
Resource Hash: 3b1570b5ff9ff35087c117c63a418199a11c6eeaf6954846b297b7bf95496129

Request headers

Referer: https://login-live.com-s02.info/pt/?code=04462db0c6818ea325d1c2529d4165fc
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 30 Jun 2020 19:16:00 GMT
Last-Modified: Mon, 29 Jun 2020 13:49:36 GMT
Server: nginx
ETag: "5ef9f170-29b"
Content-Type: text/css
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 667

GET
H/1.1 200
OK typicons.min.css
login-live.com-s02.info/assets/fonts/ 15 KB
15 KB 200ms
86ms Stylesheet
text/css 78.47.159.0
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://login-live.com-s02.info/assets/fonts/typicons.min.css
Requested by: Host: login-live.com-s02.info
URL: https://login-live.com-s02.info/pt/?code=04462db0c6818ea325d1c2529d4165fc
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 78.47.159.0 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: web.sosafe.de
Software: nginx /
Resource Hash: 8660ed12799916f277ccbb1fa1ba74dc2483dffa91089998ddfed5a9feb32200

Request headers

Referer: https://login-live.com-s02.info/pt/?code=04462db0c6818ea325d1c2529d4165fc
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 30 Jun 2020 19:16:00 GMT
Last-Modified: Mon, 29 Jun 2020 13:49:36 GMT
Server: nginx
ETag: "5ef9f170-3a89"
Content-Type: text/css
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 14985

GET
H/1.1 200
OK styles.min.css
login-live.com-s02.info/assets/css/ 4 KB
4 KB 174ms
57ms Stylesheet
text/css 78.47.159.0
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://login-live.com-s02.info/assets/css/styles.min.css
Requested by: Host: login-live.com-s02.info
URL: https://login-live.com-s02.info/pt/?code=04462db0c6818ea325d1c2529d4165fc
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 78.47.159.0 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: web.sosafe.de
Software: nginx /
Resource Hash: dd3bfb00b7273590ca408b03823bf86903ead0c497de2f7b5f6934d1473c20e2

Request headers

Referer: https://login-live.com-s02.info/pt/?code=04462db0c6818ea325d1c2529d4165fc
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 30 Jun 2020 19:16:00 GMT
Last-Modified: Mon, 29 Jun 2020 13:49:36 GMT
Server: nginx
ETag: "5ef9f170-fa9"
Content-Type: text/css
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 4009

GET
H/1.1 200
OK main.js Show response
login-live.com-s02.info/assets/js/ 3 KB
3 KB 179ms
57ms Script
application/javascript 78.47.159.0
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://login-live.com-s02.info/assets/js/main.js
Requested by: Host: login-live.com-s02.info
URL: https://login-live.com-s02.info/pt/?code=04462db0c6818ea325d1c2529d4165fc
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 78.47.159.0 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: web.sosafe.de
Software: nginx /
Resource Hash: c5bc258638ab24f2e8cd5fbe97491eb114f9d1f55201a92e9143d2061e97f9cd

Request headers

Referer: https://login-live.com-s02.info/pt/?code=04462db0c6818ea325d1c2529d4165fc
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 30 Jun 2020 19:16:00 GMT
Last-Modified: Mon, 29 Jun 2020 13:49:36 GMT
Server: nginx
ETag: "5ef9f170-a0d"
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2573

GET
H/1.1 200
OK info.svg
login-live.com-s02.info/assets/img/ 338 B
573 B 57ms
56ms Image
image/svg+xml 78.47.159.0
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://login-live.com-s02.info/assets/img/info.svg
Requested by: Host: login-live.com-s02.info
URL: https://login-live.com-s02.info/pt/?code=04462db0c6818ea325d1c2529d4165fc
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 78.47.159.0 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: web.sosafe.de
Software: nginx /
Resource Hash: e78098c9d55fcd196acc23bb905e94881fbe157504e9c179f23ae85399e28682

Request headers

Referer: https://login-live.com-s02.info/pt/?code=04462db0c6818ea325d1c2529d4165fc
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 30 Jun 2020 19:16:00 GMT
Last-Modified: Mon, 29 Jun 2020 13:49:36 GMT
Server: nginx
ETag: "5ef9f170-152"
Content-Type: image/svg+xml
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 338

GET
H/1.1 200
OK question.svg
login-live.com-s02.info/assets/img/ 2 KB
2 KB 57ms
57ms Image
image/svg+xml 78.47.159.0
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://login-live.com-s02.info/assets/img/question.svg
Requested by: Host: login-live.com-s02.info
URL: https://login-live.com-s02.info/pt/?code=04462db0c6818ea325d1c2529d4165fc
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 78.47.159.0 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: web.sosafe.de
Software: nginx /
Resource Hash: a76c08e9cdc3bb87bfb57627ad8f6b46f0e5ef826cc7f046dfbaf25d7b7958ea

Request headers

Referer: https://login-live.com-s02.info/pt/?code=04462db0c6818ea325d1c2529d4165fc
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 30 Jun 2020 19:16:00 GMT
Last-Modified: Mon, 29 Jun 2020 13:49:36 GMT
Server: nginx
ETag: "5ef9f170-613"
Content-Type: image/svg+xml
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1555

GET
H/1.1 200
OK jquery.min.js Show response
login-live.com-s02.info/assets/js/ 85 KB
85 KB 59ms
59ms Script
application/javascript 78.47.159.0
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://login-live.com-s02.info/assets/js/jquery.min.js
Requested by: Host: login-live.com-s02.info
URL: https://login-live.com-s02.info/pt/?code=04462db0c6818ea325d1c2529d4165fc
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 78.47.159.0 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: web.sosafe.de
Software: nginx /
Resource Hash: 39646863a414e0a84920b3a8639c0f3e8c94535e8dc051b42b485a068dc2902f

Request headers

Referer: https://login-live.com-s02.info/pt/?code=04462db0c6818ea325d1c2529d4165fc
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 30 Jun 2020 19:16:00 GMT
Last-Modified: Mon, 29 Jun 2020 13:49:36 GMT
Server: nginx
ETag: "5ef9f170-15282"
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 86658

GET
H/1.1 200
OK bootstrap.min.js Show response
login-live.com-s02.info/assets/bootstrap/js/ 69 KB
69 KB 86ms
86ms Script
application/javascript 78.47.159.0
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://login-live.com-s02.info/assets/bootstrap/js/bootstrap.min.js
Requested by: Host: login-live.com-s02.info
URL: https://login-live.com-s02.info/pt/?code=04462db0c6818ea325d1c2529d4165fc
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 78.47.159.0 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: web.sosafe.de
Software: nginx /
Resource Hash: 928f97f310d8f768c5e3d521e3b1ce2cff156f9cc60c5d09fad772f4a2c43f52

Request headers

Referer: https://login-live.com-s02.info/pt/?code=04462db0c6818ea325d1c2529d4165fc
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 30 Jun 2020 19:16:00 GMT
Last-Modified: Mon, 29 Jun 2020 13:49:36 GMT
Server: nginx
ETag: "5ef9f170-1141a"
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 70682

GET
H/1.1 200
OK report Show response
api.sosafe.de/v1/ 50 KB
51 KB 5243ms
5117ms XHR
application/json 116.203.22.29
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://api.sosafe.de/v1/report?code=04462db0c6818ea325d1c2529d4165fc&type=2

Requested by

Host: login-live.com-s02.info
URL: https://login-live.com-s02.info/assets/js/main.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

116.203.22.29 , Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

api0.sosafe.de

Software

nginx /

Resource Hash

f2517c0fd2c399137ca619b0c560e7f9471040cb41e70064306585c0f207978a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://login-live.com-s02.info/pt/?code=04462db0c6818ea325d1c2529d4165fc
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 30 Jun 2020 19:16:05 GMT
X-Content-Type-Options: nosniff
Server: nginx
ETag: W/"c817-Xoct5JZ/oWEE8AmOKf/xsq6BpW8"
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: *
Connection: keep-alive
Access-Control-Allow-Credentials: true
Strict-Transport-Security: max-age=15552000; includeSubDomains
X-DNS-Prefetch-Control: off
Content-Length: 51223
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK microsoft_logo.svg
login-live.com-s02.info/assets/img/ 4 KB
4 KB 57ms
57ms Image
image/svg+xml 78.47.159.0
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://login-live.com-s02.info/assets/img/microsoft_logo.svg
Requested by: Host: login-live.com-s02.info
URL: https://login-live.com-s02.info/pt/?code=04462db0c6818ea325d1c2529d4165fc
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 78.47.159.0 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: web.sosafe.de
Software: nginx /
Resource Hash: 04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a

Request headers

Referer: https://login-live.com-s02.info/pt/?code=04462db0c6818ea325d1c2529d4165fc
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 30 Jun 2020 19:16:00 GMT
Last-Modified: Mon, 29 Jun 2020 13:49:36 GMT
Server: nginx
ETag: "5ef9f170-e43"
Content-Type: image/svg+xml
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3651

GET
H/1.1 200
OK 1.png
login-live.com-s02.info/assets/img/ 642 KB
642 KB 86ms
86ms Image
image/png 78.47.159.0
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://login-live.com-s02.info/assets/img/1.png
Requested by: Host: login-live.com-s02.info
URL: https://login-live.com-s02.info/pt/?code=04462db0c6818ea325d1c2529d4165fc
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 78.47.159.0 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: web.sosafe.de
Software: nginx /
Resource Hash: 81c4f50096d17e8cdfe9c95d5996af25efba6d081462ddd068a1014fd7cd28d4

Request headers

Referer: https://login-live.com-s02.info/pt/?code=04462db0c6818ea325d1c2529d4165fc
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 30 Jun 2020 19:16:00 GMT
Last-Modified: Mon, 29 Jun 2020 13:49:36 GMT
Server: nginx
ETag: "5ef9f170-a06fb"
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 657147

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

8 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.sosafe.de
login-live.com-s02.info
116.203.22.29
78.47.159.0
04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a
39646863a414e0a84920b3a8639c0f3e8c94535e8dc051b42b485a068dc2902f
3b1570b5ff9ff35087c117c63a418199a11c6eeaf6954846b297b7bf95496129
46b4721c80749cc5e1ec6cf4c5fec78a2c51fdfc4ee9c94f2223cdaf4fbd8ced
81c4f50096d17e8cdfe9c95d5996af25efba6d081462ddd068a1014fd7cd28d4
8660ed12799916f277ccbb1fa1ba74dc2483dffa91089998ddfed5a9feb32200
928f97f310d8f768c5e3d521e3b1ce2cff156f9cc60c5d09fad772f4a2c43f52
a76c08e9cdc3bb87bfb57627ad8f6b46f0e5ef826cc7f046dfbaf25d7b7958ea
c5bc258638ab24f2e8cd5fbe97491eb114f9d1f55201a92e9143d2061e97f9cd
d87a180305021ddf6213539dd35065599a1afde007a4705b86b51c80c5332f35
dd3bfb00b7273590ca408b03823bf86903ead0c497de2f7b5f6934d1473c20e2
e78098c9d55fcd196acc23bb905e94881fbe157504e9c179f23ae85399e28682
f2517c0fd2c399137ca619b0c560e7f9471040cb41e70064306585c0f207978a
fd702d8d6882cc47c74308ec46b1476035492c3d887741b279bb830c49b9b2bf

login-live.com-s02.info Open in urlscan Pro 78.47.159.0 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

14 Requests

100 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

2 IPs

1 Countries

1058 kBTransfer

1054 kBSize

0 Cookies

0 Outgoing links

Redirected requests

14 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

8 JavaScript Global Variables

0 Cookies

Indicators

login-live.com-s02.info Open in urlscan Pro
78.47.159.0 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

14
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

1058 kB
Transfer

1054 kB
Size

0
Cookies

14 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!