
live-microsft-account.ga
2a02:4780:dead:8b5::1
Malicious Activity!
Effective URL: https://live-microsft-account.ga/Microsoft-Account-verification-proofs-Us7aftGkIOLag38183NNHSGsjrgvmm0L88SKDnn66ppxnUS3I589SSN384...
Submission: On July 27 via automatic, source certstream-suspicious — Scanned from NL
Summary
TLS certificate: Issued by RapidSSL TLS DV RSA Mixed SHA256 2020... on July 10th 2021. Valid for: a year.
This is the only time live-microsft-account.ga was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Microsoft (Consumer)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
7 | 2a02:4780:dea... 2a02:4780:dead:8b5::1 | 204915 (AWEX) (AWEX) | |
2 | 2606:4700::68... 2606:4700::6813:b978 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 2606:4700::68... 2606:4700::6812:1634 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
5 | 2606:4700:303... 2606:4700:3034::ac43:9689 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 2a00:1450:400... 2a00:1450:4001:812::200a | 15169 (GOOGLE) (GOOGLE) | |
16 | 5 |
Apex Domain Subdomains |
Transfer | |
---|---|---|
7 |
live-microsft-account.ga
live-microsft-account.ga |
33 KB |
6 |
fontawesome.com
kit.fontawesome.com — Cisco Umbrella Rank: 1888 ka-f.fontawesome.com — Cisco Umbrella Rank: 4402 |
184 KB |
2 |
000webhost.com
cdn.000webhost.com — Cisco Umbrella Rank: 167934 |
4 KB |
1 |
googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 72 |
922 B |
16 | 4 |
Domain | Requested by | |
---|---|---|
7 | live-microsft-account.ga |
live-microsft-account.ga
|
5 | ka-f.fontawesome.com |
kit.fontawesome.com
|
2 | cdn.000webhost.com |
live-microsft-account.ga
|
1 | fonts.googleapis.com |
live-microsft-account.ga
|
1 | kit.fontawesome.com |
live-microsft-account.ga
|
16 | 5 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.000webhost.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.000webhostapp.com RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1 |
2021-07-10 - 2022-08-10 |
a year | crt.sh |
*.000webhost.com Sectigo RSA Domain Validation Secure Server CA |
2022-01-17 - 2023-01-13 |
a year | crt.sh |
*.fontawesome.com DigiCert TLS RSA SHA256 2020 CA1 |
2021-12-01 - 2023-01-01 |
a year | crt.sh |
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2021-09-12 - 2022-09-11 |
a year | crt.sh |
upload.video.google.com GTS CA 1C3 |
2022-07-04 - 2022-09-26 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://live-microsft-account.ga/Microsoft-Account-verification-proofs-Us7aftGkIOLag38183NNHSGsjrgvmm0L88SKDnn66ppxnUS3I589SSN38400SSXBQ512US7-48SASD388XB36bdi8853hb/index.html
Frame ID: C50B82A4DAD891BF191707FF56108579
Requests: 16 HTTP requests in this frame
Screenshot

Page URL History Show full URLs
- https://live-microsft-account.ga/ Page URL
- https://live-microsft-account.ga/Microsoft-Account-verification-proofs-Us7aftGkIOLag38183NNHSGsjrgvmm0L88SKDn... Page URL
Detected technologies

Detected patterns
- <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
- bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Detected patterns
- (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
- kit\.fontawesome\.com/([0-9a-z]+).js

Detected patterns
- googleapis\.com/.+webfont
Page Statistics
16
Requests
56
%
HTTPS
100
%
IPv6
4
Domains
5
Subdomains
5
IPs
2
Countries
222
kB
Transfer
428
kB
Size
0
Cookies
1 Outgoing links
These are links going to different origins than the main page.
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://live-microsft-account.ga/ Page URL
- https://live-microsft-account.ga/Microsoft-Account-verification-proofs-Us7aftGkIOLag38183NNHSGsjrgvmm0L88SKDnn66ppxnUS3I589SSN38400SSXBQ512US7-48SASD388XB36bdi8853hb/index.html Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
16 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
/
live-microsft-account.ga/ |
6 KB 3 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
footer-powered-by-000webhost-white2.png
cdn.000webhost.com/000webhost/logo/ |
2 KB 2 KB |
Image
image/webp |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Primary Request
index.html
live-microsft-account.ga/Microsoft-Account-verification-proofs-Us7aftGkIOLag38183NNHSGsjrgvmm0L88SKDnn66ppxnUS3I589SSN38400SSXBQ512US7-48SASD388XB36bdi8853hb/ |
9 KB 4 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bootstrap.min.css
live-microsft-account.ga/Microsoft-Account-verification-proofs-Us7aftGkIOLag38183NNHSGsjrgvmm0L88SKDnn66ppxnUS3I589SSN38400SSXBQ512US7-48SASD388XB36bdi8853hb/ |
22 KB 7 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
util.css
live-microsft-account.ga/Microsoft-Account-verification-proofs-Us7aftGkIOLag38183NNHSGsjrgvmm0L88SKDnn66ppxnUS3I589SSN38400SSXBQ512US7-48SASD388XB36bdi8853hb/ |
82 KB 15 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
main.css
live-microsft-account.ga/Microsoft-Account-verification-proofs-Us7aftGkIOLag38183NNHSGsjrgvmm0L88SKDnn66ppxnUS3I589SSN38400SSXBQ512US7-48SASD388XB36bdi8853hb/ |
8 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
b3b9bf6cbf.js
kit.fontawesome.com/ |
11 KB 4 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
m_logo.svg
live-microsft-account.ga/Microsoft-Account-verification-proofs-Us7aftGkIOLag38183NNHSGsjrgvmm0L88SKDnn66ppxnUS3I589SSN38400SSXBQ512US7-48SASD388XB36bdi8853hb/ |
4 KB 2 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
footer-powered-by-000webhost-white2.png
cdn.000webhost.com/000webhost/logo/ |
2 KB 2 KB |
Image
image/webp |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
free.min.css
ka-f.fontawesome.com/releases/v6.1.2/css/ |
100 KB 21 KB |
Fetch
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
free-v4-shims.min.css
ka-f.fontawesome.com/releases/v6.1.2/css/ |
27 KB 5 KB |
Fetch
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
free-v5-font-face.min.css
ka-f.fontawesome.com/releases/v6.1.2/css/ |
823 B 717 B |
Fetch
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
free-v4-font-face.min.css
ka-f.fontawesome.com/releases/v6.1.2/css/ |
2 KB 1 KB |
Fetch
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
img1.svg
live-microsft-account.ga/Microsoft-Account-verification-proofs-Us7aftGkIOLag38183NNHSGsjrgvmm0L88SKDnn66ppxnUS3I589SSN38400SSXBQ512US7-48SASD388XB36bdi8853hb/ |
2 KB 902 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
css
fonts.googleapis.com/ |
1003 B 922 B |
Font
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
free-fa-solid-900.woff2
ka-f.fontawesome.com/releases/v6.1.2/webfonts/ |
151 KB 152 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Microsoft (Consumer)29 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails function| queryLocalFonts object| navigation object| FontAwesomeKitConfig function| soloNumeros function| getCookie undefined| wordpressAdminBody object| notification object| hostingerLogo undefined| mainContent undefined| googleFont undefined| css undefined| style undefined| sheet undefined| button undefined| link undefined| mainContentHolder undefined| h1Tag undefined| h2Tag undefined| paragraph undefined| list undefined| org_html undefined| new_html undefined| saleImage0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
18 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
X-Content-Type-Options | nosniff |
X-Xss-Protection | 1; mode=block |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cdn.000webhost.com
fonts.googleapis.com
ka-f.fontawesome.com
kit.fontawesome.com
live-microsft-account.ga
2606:4700:3034::ac43:9689
2606:4700::6812:1634
2606:4700::6813:b978
2a00:1450:4001:812::200a
2a02:4780:dead:8b5::1
040b6a6257f4e9b03d02543c254b47fc2287a93913e6b8e4aef00e72c4b46cfc
04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a
0e88b6fcbb8591edfd28184fa70a04b6dd3af8a14367c628edd7caba32e58c68
3fc4c4d002d08d22e54368dbeda2c833b1fbf8246ecba14c17b51d240526c11a
5e7dfb3770b62bcfa8623c327404f5080e7ba6e2a219c41ad252f4c38ebd7a7d
683ea60cc3dbfde397282a60bb8d073389b2217f9f04aaa25822e43dd3b16c2e
6c94f6c5c05782ebad6f1da0bf458b8e7f1ea755369e1ac9a0b5e7606c2a7f89
837494f2b4a3de7bceb87d79e841ae48b96f81082a2421858e06b1d5d1e117f8
86f2673ec74a632865109a76b2232f4f5b3587daa219e07a17ef1d9c76a0fda5
a8effafa7a58184a5a60a462e0883464251d4036f1270cc36766c6b7dce58cb8
c51a12212db6797d3298cc0f1797ba121e45cd26e0d11222389d82800e905a71
d53e3e4eaa850d4bce9b839f6b42791f753b964ab39b1ed831ab848de66de742
d83b5ee040c258b853bfd5efaaf38e093ed56ccc0ef2b02c41a9be1e96c15066
f93eabed9db1894c7c76ceaaa899450f82a3f9e4a003b1753985ad35b2e86ce0