livelogin.info Open in urlscan Pro
104.27.150.120 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://livelogin.info/
Submission: On March 14 via automatic, source twitter_illegalFawn (March 14th 2018, 1:51:28 pm UTC)

Summary HTTP 10 Redirects Links 5 Behaviour Indicators

Summary

This website contacted 4 IPs in 2 countries across 3 domains to perform 10 HTTP transactions. The main IP is 104.27.150.120, located in San Francisco, United States and belongs to CLOUDFLARENET - Cloudflare, Inc., US. The main domain is livelogin.info.

This is the only time livelogin.info was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

	IP Address	AS Autonomous System
2	104.27.150.120 104.27.150.120	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
1	172.217.21.234 172.217.21.234	15169 (GOOGLE) (GOOGLE - Google LLC)
5	104.27.151.120 104.27.151.120	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
2	104.111.251.169 104.111.251.169	16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies)
10	4

2 104.27.150.120 (San Francisco, United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

livelogin.info	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.21.234 (Mountain View, United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: fra16s13-in-f10.1e100.net

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 104.27.151.120 (San Francisco, United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

livelogin.info	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.111.251.169 (Amsterdam, Netherlands)

ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a104-111-251-169.deploy.static.akamaitechnologies.com

auth.gfx.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
7	livelogin.info livelogin.info	42 KB
2	gfx.ms auth.gfx.ms	293 KB
1	googleapis.com ajax.googleapis.com	30 KB
10	3

	Domain	Requested by
7	livelogin.info	livelogin.info
2	auth.gfx.ms	livelogin.info
1	ajax.googleapis.com	livelogin.info
10	3

This site contains links to these domains. Also see Links.

Domain
account.live.com
login.live.com

Subject Issuer	Validity	Valid

This page contains 1 frames:

Primary Page: http://livelogin.info/
Frame ID: 391E3774E281FD5B8FD6F171829DE682
Requests: 10 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /cloudflare/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /\/([\d.]+)\/jquery(?:\.min)?\.js/i
script /jquery.*\.js/i
env /^jQuery$/i

Page Statistics

10
Requests

0 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

4
IPs

2
Countries

365 kB
Transfer

533 kB
Size

1
Cookies

5 Outgoing links

These are links going to different origins than the main page.

URL: https://%20//signup.live.com/?wa=wsignin1.0&rpsnv=13&ct=1507190694&rver=6.7.6643.0&wp=MBI_SSL_SHARED&wreply=https:%2F%2Fmail.live.com%2Fdefault.aspx%3Frru%3Dinbox&id=64855&cbcxt=mai&contextid=6B83C32158DE33B8&bk=1507190695&uiflavor=web&uaid=f555fd7eaeb04fcb94cd69d4ad6966e0&mkt=EN-US&lc=1033
Title: Create one!

Search URL Search Domain Scan URL

URL: https://account.live.com/ResetPassword.aspx?wreply=https://login.live.com/login.srf%3fwa%3dwsignin1.0%26rpsnv%3d13%26ct%3d1507189676%26rver%3d6.7.6643.0%26wp%3dMBI_SSL_SHARED%26wreply%3dhttps:%252F%252Fmail.live.com%252Fdefault.aspx%253Frru%253Dinbox%26lc%3d1033%26id%3d64855%26mkt%3den-us%26cbcxt%3dmai%26contextid%3dF248A2A5025C84C5%26bk%3d1507189677&id=64855&uiflavor=web&cobrandid=140732904819168&uaid=f555fd7eaeb04fcb94cd69d4ad6966e0&mkt=EN-US&lc=1033&bk=1507189677
Title: Forgot my password

Search URL Search Domain Scan URL

URL: https://login.live.com/logout.srf?wa=wsignin1.0&rpsnv=13&ct=1507189676&rver=6.7.6643.0&wp=MBI_SSL_SHARED&wreply=https:%2F%2Fmail.live.com%2Fdefault.aspx%3Frru%3Dinbox&lc=1033&id=64855&mkt=en-us&cbcxt=mai&contextid=F248A2A5025C84C5&ru=https://mail.live.com/default.aspx%3frru%3dinbox&bk=1507189677&lm=I
Title: Sign in with a different Microsoft account

Search URL Search Domain Scan URL

URL: https://login.live.com/gls.srf?urlID=WinLiveTermsOfUse&mkt=EN-US&vv=1600
Title: Terms of use

Search URL Search Domain Scan URL

URL: https://login.live.com/gls.srf?urlID=MSNPrivacyStatement&mkt=EN-US&vv=1600
Title: Privacy & cookies

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

10 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request Cookie set / Show response
livelogin.info/ 45 KB
12 KB 86ms
73ms Document
text/html 104.27.150.120
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: http://livelogin.info/
Protocol: HTTP/1.1
Server: 104.27.150.120 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare / PHP/7.1.0
Resource Hash: 9937e3dc7fbd8bfec6dde8a4902301d5823eaace9a8055c6a32f404c7abfa8fd

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: livelogin.info
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Cache-Control: no-cache
Connection: keep-alive
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date: Wed, 14 Mar 2018 13:51:16 GMT
Content-Encoding: gzip
Server: cloudflare
X-Powered-By: PHP/7.1.0
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
Set-Cookie: __cfduid=dac6c89ef8e565a84bfa5aa6f7d4aca991521035476; expires=Thu, 14-Mar-19 13:51:16 GMT; path=/; domain=.livelogin.info; HttpOnly
Connection: keep-alive
CF-RAY: 3fb736cd84ea636d-FRA

GET
S 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/3.2.1/ 85 KB
30 KB 10ms
2ms Script
text/javascript 172.217.21.234
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js

Requested by

Host: livelogin.info
URL: http://livelogin.info/

Protocol

SPDY

Server

172.217.21.234 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra16s13-in-f10.1e100.net

Software

sffe /

Resource Hash

87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://livelogin.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

date: Mon, 12 Feb 2018 14:24:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2589997
status: 200
alt-svc: hq=":443"; ma=2592000; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="41,39,35"
content-length: 30306
x-xss-protection: 1; mode=block
last-modified: Fri, 24 Mar 2017 20:55:54 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 12 Feb 2019 14:24:39 GMT

GET
H/1.1 200
OK Converged1033.css
livelogin.info/ourlook_files/ 86 KB
17 KB 13ms
10ms Stylesheet
text/css 104.27.150.120
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: http://livelogin.info/ourlook_files/Converged1033.css
Requested by: Host: livelogin.info
URL: http://livelogin.info/
Protocol: HTTP/1.1
Server: 104.27.150.120 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: cffd17aa12d2cbc84454c54c27af660e3737c257a4eb4c47bfabca06aa281539

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: livelogin.info
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Accept: text/css,*/*;q=0.1
Referer: http://livelogin.info/
Cookie: __cfduid=dac6c89ef8e565a84bfa5aa6f7d4aca991521035476
Connection: keep-alive
Cache-Control: no-cache
Referer: http://livelogin.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date: Wed, 14 Mar 2018 13:51:16 GMT
Content-Encoding: gzip
CF-Cache-Status: HIT
Last-Modified: Tue, 13 Mar 2018 11:55:05 GMT
Server: cloudflare
ETag: W/"156b6-56749edefc29d"
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: public, max-age=14400
Transfer-Encoding: chunked
Connection: keep-alive
CF-RAY: 3fb736ce452a636d-FRA
Expires: Wed, 14 Mar 2018 17:51:16 GMT

GET
H/1.1 200
OK Kernel.js Show response
livelogin.info/ourlook_files/ 19 KB
9 KB 31ms
17ms Script
application/javascript 104.27.151.120
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: http://livelogin.info/ourlook_files/Kernel.js
Requested by: Host: livelogin.info
URL: http://livelogin.info/
Protocol: HTTP/1.1
Server: 104.27.151.120 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: b4bcf75eec9c807c7e5c061a6bf35b1abf568bd3917fd4e254ae3f9db84fff92

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: livelogin.info
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Accept: */*
Referer: http://livelogin.info/
Cookie: __cfduid=dac6c89ef8e565a84bfa5aa6f7d4aca991521035476
Connection: keep-alive
Cache-Control: no-cache
Referer: http://livelogin.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date: Wed, 14 Mar 2018 13:51:16 GMT
Content-Encoding: gzip
CF-Cache-Status: HIT
Last-Modified: Tue, 13 Mar 2018 11:55:07 GMT
Server: cloudflare
ETag: W/"4c37-56749ee0949e6"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: public, max-age=14400
Transfer-Encoding: chunked
Connection: keep-alive
CF-RAY: 3fb736ce559d9700-FRA
Expires: Wed, 14 Mar 2018 17:51:16 GMT

GET
H/1.1 200
OK main.css
livelogin.info/ourlook_files/ 672 B
667 B 24ms
11ms Stylesheet
text/css 104.27.151.120
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: http://livelogin.info/ourlook_files/main.css
Requested by: Host: livelogin.info
URL: http://livelogin.info/
Protocol: HTTP/1.1
Server: 104.27.151.120 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: a3f124fe4d3ac3868ff78084960386db25f0033e7e5e8ddde7be98b5f878d3e0

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: livelogin.info
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Accept: text/css,*/*;q=0.1
Referer: http://livelogin.info/
Cookie: __cfduid=dac6c89ef8e565a84bfa5aa6f7d4aca991521035476
Connection: keep-alive
Cache-Control: no-cache
Referer: http://livelogin.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date: Wed, 14 Mar 2018 13:51:16 GMT
Content-Encoding: gzip
CF-Cache-Status: HIT
Last-Modified: Tue, 13 Mar 2018 11:55:07 GMT
Server: cloudflare
ETag: W/"2a0-56749ee077523"
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: public, max-age=14400
Transfer-Encoding: chunked
Connection: keep-alive
CF-RAY: 3fb736ce523196f4-FRA
Expires: Wed, 14 Mar 2018 17:51:16 GMT

GET
H/1.1 200
OK foreground.js Show response
livelogin.info/ourlook_files/ 3 KB
1 KB 31ms
18ms Script
application/javascript 104.27.151.120
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: http://livelogin.info/ourlook_files/foreground.js
Requested by: Host: livelogin.info
URL: http://livelogin.info/
Protocol: HTTP/1.1
Server: 104.27.151.120 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 374815c3015585ef512d266ad148f74e1793b4a882d5c1d24d61c6a1969ec2f1

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: livelogin.info
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Accept: */*
Referer: http://livelogin.info/
Cookie: __cfduid=dac6c89ef8e565a84bfa5aa6f7d4aca991521035476
Connection: keep-alive
Cache-Control: no-cache
Referer: http://livelogin.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date: Wed, 14 Mar 2018 13:51:16 GMT
Content-Encoding: gzip
CF-Cache-Status: HIT
Last-Modified: Tue, 13 Mar 2018 11:55:06 GMT
Server: cloudflare
ETag: W/"a4c-56749edfdb117"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: public, max-age=14400
Transfer-Encoding: chunked
Connection: keep-alive
CF-RAY: 3fb736ce5209975c-FRA
Expires: Wed, 14 Mar 2018 17:51:16 GMT

GET
H/1.1 200
OK microsoft_logo.svg
livelogin.info/ourlook_files/ 4 KB
2 KB 10ms
10ms Image
image/svg+xml 104.27.151.120
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://livelogin.info/ourlook_files/microsoft_logo.svg
Requested by: Host: livelogin.info
URL: http://livelogin.info/
Protocol: HTTP/1.1
Server: 104.27.151.120 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: livelogin.info
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: http://livelogin.info/
Cookie: __cfduid=dac6c89ef8e565a84bfa5aa6f7d4aca991521035476
Connection: keep-alive
Cache-Control: no-cache
Referer: http://livelogin.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date: Wed, 14 Mar 2018 13:51:16 GMT
Content-Encoding: gzip
CF-Cache-Status: HIT
Last-Modified: Tue, 13 Mar 2018 11:55:07 GMT
Server: cloudflare
ETag: W/"e43-56749ee118751"
Vary: Accept-Encoding
Content-Type: image/svg+xml
Cache-Control: public, max-age=14400
Transfer-Encoding: chunked
Connection: keep-alive
CF-RAY: 3fb736ce75b69700-FRA
Expires: Wed, 14 Mar 2018 17:51:16 GMT

GET
H/1.1 200
OK picker_account_msa.svg
livelogin.info/ourlook_files/ 379 B
675 B 9ms
9ms Image
image/svg+xml 104.27.151.120
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://livelogin.info/ourlook_files/picker_account_msa.svg
Requested by: Host: livelogin.info
URL: http://livelogin.info/
Protocol: HTTP/1.1
Server: 104.27.151.120 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 34d8da073f47030ee94b99d84fbe68e3345bd8aaa37ea909ff2da00238447486

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: livelogin.info
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: http://livelogin.info/
Cookie: __cfduid=dac6c89ef8e565a84bfa5aa6f7d4aca991521035476
Connection: keep-alive
Cache-Control: no-cache
Referer: http://livelogin.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date: Wed, 14 Mar 2018 13:51:16 GMT
Content-Encoding: gzip
CF-Cache-Status: HIT
Last-Modified: Tue, 13 Mar 2018 11:55:07 GMT
Server: cloudflare
ETag: W/"17b-56749ee118369"
Vary: Accept-Encoding
Content-Type: image/svg+xml
Cache-Control: public, max-age=14400
Transfer-Encoding: chunked
Connection: keep-alive
CF-RAY: 3fb736ce85c09700-FRA
Expires: Wed, 14 Mar 2018 17:51:16 GMT

GET
H/1.1 200
OK 0.jpg
auth.gfx.ms/16.000.27537.1/images/Backgrounds/ 291 KB
291 KB 8ms
7ms Image
image/jpeg 104.111.251.169
Akamai Technologies

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://auth.gfx.ms/16.000.27537.1/images/Backgrounds/0.jpg?x=f5a9a9531b8f4bcc86eabb19472d15d5
Requested by: Host: livelogin.info
URL: http://livelogin.info/
Protocol: HTTP/1.1
Server: 104.111.251.169 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a104-111-251-169.deploy.static.akamaitechnologies.com
Software: Microsoft-IIS/8.5 /
Resource Hash: 62faab60433070e2ea52c235f0f18db228759f2a08bb6f9e5711630df8321214

Request headers

Referer: http://livelogin.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date: Wed, 14 Mar 2018 13:51:16 GMT
Last-Modified: Thu, 28 Sep 2017 18:30:28 GMT
PPServer: PPV: 30 H: BL2IDSPRTS1C004 V: 0
ETag: "03a9bdb8738d31:0"
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: max-age=510704
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 298105
Server: Microsoft-IIS/8.5

GET
H/1.1 200
OK 0-small.jpg
auth.gfx.ms/16.000.27537.1/images/Backgrounds/ 1 KB
1 KB 7ms
6ms Image
image/jpeg 104.111.251.169
Akamai Technologies

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://auth.gfx.ms/16.000.27537.1/images/Backgrounds/0-small.jpg?x=12f4b8b543125cc986c79cd85320812f
Requested by: Host: livelogin.info
URL: http://livelogin.info/
Protocol: HTTP/1.1
Server: 104.111.251.169 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a104-111-251-169.deploy.static.akamaitechnologies.com
Software: Microsoft-IIS/8.5 /
Resource Hash: c13db279143e1845ee4aaee5afedc5bd75e9f7d50024b63883b45332c4960b3b

Request headers

Referer: http://livelogin.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date: Wed, 14 Mar 2018 13:51:16 GMT
Last-Modified: Thu, 28 Sep 2017 18:30:28 GMT
PPServer: PPV: 30 H: BL2IDSPRTS1C001 V: 0
ETag: "03a9bdb8738d31:0"
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: max-age=293478
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1029
Server: Microsoft-IIS/8.5

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

13 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.livelogin.info/	1970-01-18 23:16:11	Name: __cfduid Value: dac6c89ef8e565a84bfa5aa6f7d4aca991521035476

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.googleapis.com
auth.gfx.ms
livelogin.info
104.111.251.169
104.27.150.120
104.27.151.120
172.217.21.234
04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a
34d8da073f47030ee94b99d84fbe68e3345bd8aaa37ea909ff2da00238447486
374815c3015585ef512d266ad148f74e1793b4a882d5c1d24d61c6a1969ec2f1
62faab60433070e2ea52c235f0f18db228759f2a08bb6f9e5711630df8321214
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de
9937e3dc7fbd8bfec6dde8a4902301d5823eaace9a8055c6a32f404c7abfa8fd
a3f124fe4d3ac3868ff78084960386db25f0033e7e5e8ddde7be98b5f878d3e0
b4bcf75eec9c807c7e5c061a6bf35b1abf568bd3917fd4e254ae3f9db84fff92
c13db279143e1845ee4aaee5afedc5bd75e9f7d50024b63883b45332c4960b3b
cffd17aa12d2cbc84454c54c27af660e3737c257a4eb4c47bfabca06aa281539

livelogin.info Open in urlscan Pro 104.27.150.120 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

10 Requests

0 %HTTPS

0 %IPv6

3 Domains

3 Subdomains

4 IPs

2 Countries

365 kBTransfer

533 kBSize

1 Cookies

5 Outgoing links

Redirected requests

10 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

13 JavaScript Global Variables

1 Cookies

Indicators

livelogin.info Open in urlscan Pro
104.27.150.120 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

10
Requests

0 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

4
IPs

2
Countries

365 kB
Transfer

533 kB
Size

1
Cookies

10 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!