login.promolive.online
2606:4700:3033::ac43:c61a Malicious Activity! Public Scan

URL: https://login.promolive.online/
Submission: On March 24 via api from US — Scanned from US

Summary

This website contacted 2 IPs in 1 country across 2 domains to perform 6 HTTP transactions. The main IP is 2606:4700:3033::ac43:c61a, located in the United States and belonging to CLOUDFLARENET, US. The main domain is login.promolive.online.
TLS certificate: Issued by GTS CA 1P5 on March 21st 2024. Valid for: 3 months.
This is the only time login.promolive.online was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

Requests  IP Address         AS (Autonomous System)
5         2606:4700:303...   13335 (CLOUDFLAR...)
1         2606:2800:21f...   15133 (EDGECAST)
Total: 6 requests, 2 IPs

Requests  Apex Domain        Subdomains                                          Transfer
5         promolive.online   login.promolive.online                              15 KB
1         msftauth.net       logincdn.msftauth.net (Cisco Umbrella Rank: 6395)   1 KB
Total: 6 requests, 2 apex domains

Requests  Domain                   Requested by
5         login.promolive.online   login.promolive.online
1         logincdn.msftauth.net    login.promolive.online
Total: 6 requests, 2 domains

This site contains links to these domains:

login.live.com
Subject                  Issuer                                  Validity                   Valid      Source
promolive.online         GTS CA 1P5                              2024-03-21 - 2024-06-19    3 months   crt.sh
identitycdn.msauth.net   Microsoft Azure RSA TLS Issuing CA 03   2023-11-02 - 2024-10-27    a year     crt.sh

This page contains 1 frames:

Primary Page: https://login.promolive.online/
Frame ID: 62A223AC22A49B93865CBEE5C5C1CF49
Requests: 6 HTTP requests in this frame

Page Title

Sign in to your Microsoft account

Page Statistics

Requests: 6
HTTPS: 100 %
IPv6: 100 %
Domains: 2
Subdomains: 2
IPs: 2
Countries: 1
Transfer: 16 kB
Size: 53 kB
Cookies: 0

Redirected requests

There were HTTP redirect chains for the following requests: (none recorded in this scan)

6 HTTP transactions

Resource: Primary Request /
Path: login.promolive.online/
Size: 22 KB  x-fer: 6 KB  Type: Document

General
  Full URL: https://login.promolive.online/
  Protocol: H2
  Security: TLS 1.3, , AES_128_GCM
  Server: 2606:4700:3033::ac43:c61a, United States, ASN13335 (CLOUDFLARENET, US)
  Reverse DNS: (none)
  Software: cloudflare /
  Resource Hash: 3d94cad285ee9c28b2cec988d9413ced008be74cd35d7e8fff19c145dc868a8b

Request headers
  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
  accept-language: en-US,en;q=0.9

Response headers
  alt-svc: h3=":443"; ma=86400
  cf-cache-status: DYNAMIC
  cf-ray: 86974e2c2a122888-MIA
  content-encoding: br
  content-type: text/html
  date: Sun, 24 Mar 2024 14:21:02 GMT
  nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
  report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZU0hVq4ODjx53jPwfsTiXEr0SBbksjGkZAig%2B6X5AP7KNKiZ6paSV%2Fta8a8oU7W2HOwyrtPTTn6VDT28QHT%2B%2BrcinyQM4Nq1SvxlytERbV6TQswtx5l5QCf%2BEC%2Bg99y%2BlEohsI06ZfHHnWV6TLLOI8EQe341"}],"group":"cf-nel","max_age":604800}
  server: cloudflare
Resource: style.css
Path: login.promolive.online/assets/
Size: 24 KB  x-fer: 5 KB  Type: Stylesheet

General
  Full URL: https://login.promolive.online/assets/style.css
  Requested by: Host: login.promolive.online, URL: https://login.promolive.online/
  Protocol: H2
  Security: TLS 1.3, , AES_128_GCM
  Server: 2606:4700:3033::ac43:c61a, United States, ASN13335 (CLOUDFLARENET, US)
  Reverse DNS: (none)
  Software: cloudflare /
  Resource Hash: c439f836332dc108840f1205072981788a521c35fab7309aa328fbcd1c1328d6

Request headers
  accept-language: en-US,en;q=0.9
  Referer: https://login.promolive.online/
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers
  date: Sun, 24 Mar 2024 14:21:03 GMT
  content-encoding: br
  cf-cache-status: HIT
  last-modified: Thu, 21 Mar 2024 18:34:37 GMT
  nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
  server: cloudflare
  age: 1023
  etag: W/"65fc7dbd-61fd"
  vary: Accept-Encoding
  report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0JVFMR6bLPl8X%2FVCQoyllGGbvLUWiIaXaSLMd6urC9zktbxLp4wf3zOnLgdpXHX5eBFDuCblNAP0FTR32nUYDQACnzSekH%2FslzgzaHwpYl154Bcx%2FnG4xrEhDqmqrSFHiEtl6eSeF7BAyGWkFvS6jDX58grG"}],"group":"cf-nel","max_age":604800}
  content-type: text/css
  cache-control: max-age=14400
  cf-ray: 86974e2ddc452888-MIA
  alt-svc: h3=":443"; ma=86400
Resource: microsoft_logo_ee5c8d9fb6248c938fd0.svg
Path: login.promolive.online/assets/
Size: 4 KB  x-fer: 2 KB  Type: Image

General
  Full URL: https://login.promolive.online/assets/microsoft_logo_ee5c8d9fb6248c938fd0.svg
  Requested by: Host: login.promolive.online, URL: https://login.promolive.online/
  Protocol: H2
  Security: TLS 1.3, , AES_128_GCM
  Server: 2606:4700:3033::ac43:c61a, United States, ASN13335 (CLOUDFLARENET, US)
  Reverse DNS: (none)
  Software: cloudflare /
  Resource Hash: 04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a

Request headers
  accept-language: en-US,en;q=0.9
  Referer: https://login.promolive.online/
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers
  date: Sun, 24 Mar 2024 14:21:03 GMT
  content-encoding: br
  cf-cache-status: HIT
  last-modified: Thu, 21 Mar 2024 18:34:37 GMT
  nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
  server: cloudflare
  age: 1023
  etag: W/"65fc7dbd-e43"
  vary: Accept-Encoding
  report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1VC%2BBqNw%2F9mVovIK%2FLCDUWDDCN3ShYGFxFNydx61qLo2P%2BsQgn9iBV5yxn4KelTxWCNUzZLVhjORQJ5bxsz4QUxSYYbBOPWE99z0WZwiY2DaZA7WuU6q%2BVBkBb3zxUMDEMxylgRmuagKKrAblhyQRv1H0MuD"}],"group":"cf-nel","max_age":604800}
  content-type: image/svg+xml
  cache-control: max-age=14400
  cf-ray: 86974e2ddc472888-MIA
  alt-svc: h3=":443"; ma=86400
Resource: arrow_left_a9cc2824ef3517b6c416.svg
Path: login.promolive.online/assets/
Size: 513 B  x-fer: 575 B  Type: Image

General
  Full URL: https://login.promolive.online/assets/arrow_left_a9cc2824ef3517b6c416.svg
  Requested by: Host: login.promolive.online, URL: https://login.promolive.online/
  Protocol: H2
  Security: TLS 1.3, , AES_128_GCM
  Server: 2606:4700:3033::ac43:c61a, United States, ASN13335 (CLOUDFLARENET, US)
  Reverse DNS: (none)
  Software: cloudflare /
  Resource Hash: 34f9db946e89f031a80dfca7b16b2b686469c9886441261ae70a44da1dfa2d58

Request headers
  accept-language: en-US,en;q=0.9
  Referer: https://login.promolive.online/
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers
  date: Sun, 24 Mar 2024 14:21:03 GMT
  content-encoding: br
  cf-cache-status: HIT
  last-modified: Thu, 21 Mar 2024 18:34:37 GMT
  nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
  server: cloudflare
  age: 337
  etag: W/"65fc7dbd-201"
  vary: Accept-Encoding
  report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RhC8lRLVhltl11EyqrNYY3mFn9kemBJEuN8RMSgSh7OgufaPA9Rnbm7ZSSSoXZAth24V%2Bghj%2FHWUdAxBtlfMeGuCUhsOFriDcv37EhxcOwm9UZFiwk1dUdbISJkrSW8YBh7cKaUfIM%2BqiAdvE5pcpbCdvySk"}],"group":"cf-nel","max_age":604800}
  content-type: image/svg+xml
  cache-control: max-age=14400
  cf-ray: 86974e2ddc482888-MIA
  alt-svc: h3=":443"; ma=86400
Resource: 2_bc3d32a696895f78c19d.svg
Path: logincdn.msftauth.net/shared/5/images/
Size: 2 KB  x-fer: 1 KB  Type: Image

General
  Full URL: https://logincdn.msftauth.net/shared/5/images/2_bc3d32a696895f78c19d.svg
  Requested by: Host: login.promolive.online, URL: https://login.promolive.online/
  Protocol: H2
  Security: TLS 1.3, , AES_256_GCM
  Server: 2606:2800:21f:506b:a2a0:d716:4ee1:a9bc, United States, ASN15133 (EDGECAST, US)
  Reverse DNS: (none)
  Software: ECAcc (mib/5B2C) /
  Resource Hash: 0e88b6fcbb8591edfd28184fa70a04b6dd3af8a14367c628edd7caba32e58c68

Request headers
  accept-language: en-US,en;q=0.9
  Referer: https://login.promolive.online/
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers
  x-ms-blob-type: BlockBlob
  date: Sun, 24 Mar 2024 14:21:03 GMT
  content-encoding: gzip
  content-md5: DhdidjYrlCeaRJJRG/y9mA==
  age: 20522
  x-cache: HIT
  content-length: 673
  x-ms-lease-status: unlocked
  last-modified: Tue, 27 Jun 2023 15:45:09 GMT
  server: ECAcc (mib/5B2C)
  etag: 0x8DB77257C91B168
  vary: Accept-Encoding
  content-type: image/svg+xml
  access-control-allow-origin: *
  x-ms-request-id: 14496abe-e01e-003d-22c6-7da42c000000
  access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
  cache-control: public, max-age=31536000
  x-ms-version: 2009-09-19
  accept-ranges: bytes
Resource: email-decode.min.js
Path: login.promolive.online/cdn-cgi/scripts/5c5dd728/cloudflare-static/
Size: 1 KB  x-fer: 1 KB  Type: Script

General
  Full URL: https://login.promolive.online/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
  Requested by: Host: login.promolive.online, URL: https://login.promolive.online/
  Protocol: H3
  Security: QUIC, , AES_128_GCM
  Server: 2606:4700:3033::ac43:c61a, United States, ASN13335 (CLOUDFLARENET, US)
  Reverse DNS: (none)
  Software: cloudflare /
  Resource Hash: 2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers
  X-Content-Type-Options: nosniff
  X-Frame-Options: DENY

Request headers
  accept-language: en-US,en;q=0.9
  Referer: https://login.promolive.online/
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers
  date: Sun, 24 Mar 2024 14:21:03 GMT
  content-encoding: gzip
  x-content-type-options: nosniff
  last-modified: Thu, 21 Mar 2024 10:35:23 GMT
  nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
  server: cloudflare
  etag: W/"65fc0d6b-4d7"
  vary: Accept-Encoding
  report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iydYbzEN95EMKwnGM0FfIWE5%2BxxyLK9eBPxNhH%2FUmcq00cr120Nb7R7ZozeAUIYq5alCfkfSd6cpzEdv9oowXK%2FiyUYx%2BoHS7XkaH8TpPQYNsZgCPumg%2BVUykDmj4GM72YX%2ByqRqs44hhmfl0XvudtvORps7"}],"group":"cf-nel","max_age":604800}
  content-type: application/javascript
  x-frame-options: DENY
  cache-control: max-age=172800, public
  cf-ray: 86974e2e8855742d-MIA
  expires: Tue, 26 Mar 2024 14:21:03 GMT

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function: validateEmail
function: next
function: back

0 Cookies